CVE-2025-20242

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

A

vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device.

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\)es2:*:*:*:*:*:*:*

History

11 Jul 2025, 15:20

Type	Values Removed	Values Added
First Time		Cisco Cisco unified Contact Center Enterprise
CPE		cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\(2\)es2:::::::*
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8 -~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8 - Vendor Advisory

21 May 2025, 20:24

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-21 17:15

Updated : 2025-07-11 15:20

NVD link : CVE-2025-20242

Mitre link : CVE-2025-20242

CVE.ORG link : CVE-2025-20242

JSON object : View

Products Affected

unified_contact_center_enterprise

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-20242", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2025-05-21T17:15:56.190", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device.\r\n\r This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en el componente Cloud Connect de Cisco Unified Contact Center Enterprise (CCE) podr\u00eda permitir que un atacante remoto no autenticado lea y modifique datos en un dispositivo afectado. Esta vulnerabilidad se debe a la falta de controles de autenticaci\u00f3n adecuados. Un atacante podr\u00eda explotar esta vulnerabilidad enviando datos TCP manipulados a un puerto espec\u00edfico del dispositivo afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer o modificar datos en el dispositivo afectado."}], "lastModified": "2025-07-11T15:20:30.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\)es2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11A9BD62-6781-4C09-B711-F2FD8CF5050D"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}