Attackers could access and modify agent resources, call queues and other customer-service systems – and access personal information on companies’ customers.
A critical security bug affecting Cisco’s Unified Contact Center Enterprise (UCCE) portfolio could allow privilege escalation and platform takeover.
Cisco UCCE is an on-premises customer-service platform capable of supporting up to 24,000 customer-service agents using channels that include inbound voice, outbound voice, outbound interactive voice response (IVR) and digital channels. It also offers a feedback loop via post-call IVR, email and web intercept surveys, and various reporting options to gather information on agent performance for use in establishing metrics and informing business intelligence.
It counts some heavy hitters among its users, including T-Mobile USA, according to the product website.
The bug in question (CVE-2022-20658) is a particularly nasty one, with a critical rating of 9.6 out of 10 on the CVSS vulnerability-severity scale, and could allow authenticated, remote attackers to elevate their privileges to administrator, with the ability to create other administrator accounts.
It specifically exists in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM) and stems from the fact that the server relies on authentication mechanisms handled by the client side. That opens the door to an attacker modifying the client-side behaviour to bypass protection mechanisms.
The CCMP is a management tool that gives contact-center supervisors the ability to move, add and change agents working in different areas of the contact center between different call queues, brands, product lines and more. The CCDM is a suite of server components (PDF) for back-end management, including authentication and other security functions, resource allocation, and a database that holds information about all the resources (such as agents and dialed numbers) and actions taken (such as phone calls and agent state changes) within the system.
Armed with additional admin accounts, attackers could access and modify telephony and user resources across all of the platforms that are associated with the vulnerable Cisco Unified CCMP, Cisco warned. One can extrapolate the operational and brand-identity havoc that an attacker could wreak by hamstringing a large company’s customer-service systems – not to mention the damage that could be done with access to the trove of personal information that the system must house on companies’ customers, including phone and email communications.
It’s also not hard to exploit: “This vulnerability is due to the lack of server-side validation of user permissions,” Cisco explained in an advisory this week. “An attacker could exploit this vulnerability by submitting a crafted HTTP request to a vulnerable system.”
However, to successfully exploit the vulnerability, attackers would need valid “Advanced User” credentials, so the bug would need to be chained with another for initial access.
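To make the flaw class concrete, here is an added illustration (not Cisco’s code, and not a description of the actual CCMP implementation) of a hypothetical "create administrator account" handler: the first version decides authorization from a role field the client sends, which is exactly the missing server-side permission validation the advisory describes, while the second looks the caller’s role up from the server-side session. The session store, session ids and request shape are all constructed for the example.

```python
# Added illustration (not Cisco code): permission checks must live on the server.
# Models a "create admin account" action on a hypothetical management portal,
# first trusting client-supplied role data, then consulting the authenticated
# session's role held server-side instead.
from dataclasses import dataclass, field

# Constructed server-side session store: session id -> identity fixed at login.
SESSIONS = {
    "sess-advanced": {"user": "alice", "role": "advanced_user"},
    "sess-admin": {"user": "ops-admin", "role": "administrator"},
}

@dataclass
class Request:
    session_id: str   # from the session cookie
    body: dict        # JSON body exactly as the client sent it

@dataclass
class AccountStore:
    admins: list = field(default_factory=list)

def create_admin_vulnerable(req: Request, store: AccountStore) -> bool:
    """Authorization decided by a field the client controls: the server performs
    no validation of the caller's real permissions (the advisory's flaw class)."""
    if req.body.get("caller_role") != "administrator":
        return False
    store.admins.append(req.body["new_admin"])
    return True

def create_admin_hardened(req: Request, store: AccountStore) -> bool:
    """Role is taken from the server-side session, never from the request body.
    A denied attempt is also worth logging for detection; omitted here."""
    session = SESSIONS.get(req.session_id)
    if session is None or session["role"] != "administrator":
        return False
    store.admins.append(req.body["new_admin"])
    return True

def demo() -> tuple:
    # An "Advanced User" session whose request body merely claims administrator role.
    req = Request("sess-advanced",
                  {"caller_role": "administrator", "new_admin": "new-account"})
    granted_by_vulnerable = create_admin_vulnerable(req, AccountStore())
    granted_by_hardened = create_admin_hardened(req, AccountStore())
    return granted_by_vulnerable, granted_by_hardened  # (True, False)

if __name__ == "__main__":
    print(demo())
```

The same request is accepted by the first handler and refused by the second; a genuine administrator session still succeeds against the hardened handler.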
There are patches available for this issue, but no workarounds. Patch information is as follows:
- Versions 11.6.1 and earlier: Fixed release is 11.6.1 ES17
- Version 12.0.1: Fixed release is 12.0.1 ES5
- Version 12.5.1: Fixed release is 12.5.1 ES5
- Version 12.6.1: Not affected
There are no known public exploits thus far, according to the networking giant.
Cisco’s contact-center solutions have faced critical bugs before. For instance, in 2020 a critical bug in its “contact center in-a-box” platform, Unified Contact Center Express, was found to allow remote code execution.