A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.
2025-11-05T17:15:38.457
2025-11-17T19:40:48.957
Analyzed
CVSSv3.1: 4.9 (MEDIUM)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | unified_contact_center_express | < 12.5\(1\)_su03_es07 | Yes |
| Application | cisco | unified_contact_center_express | 15.0 | Yes |