Rewterz Threat Alert – COVID-19 Themed Android Malware Steals SMS and Contacts
May 21, 2020Rewterz Threat Advisory – CVE-2020-3184 – Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability
May 21, 2020Rewterz Threat Alert – COVID-19 Themed Android Malware Steals SMS and Contacts
May 21, 2020Rewterz Threat Advisory – CVE-2020-3184 – Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability
May 21, 2020Severity
High
Analysis Summary
Cisco Unified Contact Center Express could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Java Remote Management Interface. By sending specially-crafted serialized Java object, an attacker could exploit this vulnerability to execute arbitrary code as root on the system.
Impact
Execute arbitrary code
Affected Vendors
Cisco
Affected Products
Cisco Unified CCX software
Remediation
Refer to Cisco Security Advisory cisco-sa-uccx-rce-GMSC6RKN for the list of affected products, upgraded patch.