At a glance:
| ID | 49309 |
| Created | Jun 22, 2020 |
| Updated | Jul 07, 2020 |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | Other |
| Affected App | Cisco |
Legend
| Enabled/Available |
|
| Disabled/Not Avaliable | 
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2020-06-30 | 15.876 | * |
| 2020-07-08 | 15.881 | Default_action:pass:drop |
Refine Search
Intrusion Prevention
Cisco.UCCX.RMI.Insecure.Deserialization
Description
This indicates an attack attempt to exploit an Insecure Deserialization Vulnerability in Cisco Systems Unified Contact Center Express (UCCX).
This vulnerability is due to deserialization of untrusted data. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution as root.
Affected Products
Cisco Systems Unified Contact Center Express (UCCX) prior to 12.0(1)ES03
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN