Cisco Releases Critical Security Update for Unified CCMP and Unified CCDM

Scheduled update addresses critical privilege escalation vulnerability in Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM)

Threat ID:: CC-4012
Threat Severity:: Information only
Published:: 13 January 2022 1:22 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled update addresses critical privilege escalation vulnerability in Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM)

Affected platforms

The following platforms are known to be affected:

Versions: Unified Contact Center Management Portal (CCMP), Unified Contact Center Domain Manager (CCDM)

Cisco Unified Contact Center

Exploitation is possible if running with the default configuration.

Threat details

Introduction

Cisco has released a security update to address a critical vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM). An attacker with Advanced User credentials could exploit this privilege escalation vulnerability by creating an Administrator account and taking control of an affected system.

Remediation advice

Affected organisations are encouraged to review Cisco Security Advisories and apply the necessary update below.

Remediation steps

Type	Step
Patch	Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4

Definitive source of threat updates

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4

CVE Vulnerabilities

Status Reserved

CVE-2022-20658

Last edited: 3 October 2022 1:06 pm