Cisco Unified Contact Center Express could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Java Remote Management Interface. By sending specially-crafted serialized Java object, an attacker could exploit this vulnerability to execute arbitrary code as root on the system.
Execute arbitrary code
Cisco Unified CCX software
Refer to Cisco Security Advisory cisco-sa-uccx-rce-GMSC6RKN for the list of affected products, upgraded patch.