Vulnerabilites related to Cisco - Cisco SocialMiner
CVE-2019-1668 (GCVE-0-2019-1668)
Vulnerability from cvelistv5
Published
2019-01-24 16:00
Modified
2024-11-21 19:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SocialMiner |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T18:20:28.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
},
{
"name": "106720",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106720"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-1668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T19:00:50.254304Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T19:46:59.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-26T10:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
},
{
"name": "106720",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106720"
}
],
"source": {
"advisory": "cisco-sa-20190123-miner-chat-xss",
"defect": [
[
"CSCvi52835",
"CSCvn50066",
"CSCvn59276"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID": "CVE-2019-1668",
"STATE": "PUBLIC",
"TITLE": "Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco SocialMiner",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the chat feed feature of Cisco SocialMiner could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks against a user of the web-based user interface of an affected system. This vulnerability is due to insufficient sanitization of user-supplied input delivered to the chat feed as part of an HTTP request. An attacker could exploit this vulnerability by persuading a user to follow a link to attacker-controlled content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco SocialMiner Chat Feed Cross-Site Scripting Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-miner-chat-xss"
},
{
"name": "106720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106720"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-miner-chat-xss",
"defect": [
[
"CSCvi52835",
"CSCvn50066",
"CSCvn59276"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2019-1668",
"datePublished": "2019-01-24T16:00:00Z",
"dateReserved": "2018-12-06T00:00:00",
"dateUpdated": "2024-11-21T19:46:59.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20129 (GCVE-0-2025-20129)
Vulnerability from cvelistv5
Published
2025-06-04 16:17
Modified
2025-06-04 18:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.
This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco SocialMiner |
Version: 12.5(1)ES01 Version: 10.5(1) Version: 11.6(1) Version: 10.6(1) Version: 12.0(1)ES04 Version: 10.6(2) Version: 12.5(1) Version: 11.6(2) Version: 12.0(1) Version: 12.0(1)ES02 Version: 11.0(1) Version: 11.5(1) Version: 11.5(1)SU1 Version: 12.0(1)ES03 Version: 12.5(1)SU3 Version: 12.5(1)SU1 Version: 12.5(1)SU2 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20129",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T18:13:19.983909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T18:20:18.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "10.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data.\r\n\r\nThis vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:17:27.318Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ccp-info-disc-ZyGerQpd",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccp-info-disc-ZyGerQpd"
}
],
"source": {
"advisory": "cisco-sa-ccp-info-disc-ZyGerQpd",
"defects": [
"CSCwh43988"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Customer Collaboration Platform Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20129",
"datePublished": "2025-06-04T16:17:27.318Z",
"dateReserved": "2024-10-10T19:15:13.212Z",
"dateUpdated": "2025-06-04T18:20:18.190Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15435 (GCVE-0-2018-15435)
Vulnerability from cvelistv5
Published
2018-10-17 22:00
Modified
2024-11-26 14:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco SocialMiner |
Version: n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.611Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105663",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105663"
},
{
"name": "20181017 Cisco SocialMiner Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-15435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T18:47:28.650441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:23:38.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "105663",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105663"
},
{
"name": "20181017 Cisco SocialMiner Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
}
],
"source": {
"advisory": "cisco-sa-20181017-sm-xss",
"defect": [
[
"CSCvm57165"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco SocialMiner Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-17T16:00:00-0500",
"ID": "CVE-2018-15435",
"STATE": "PUBLIC",
"TITLE": "Cisco SocialMiner Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco SocialMiner",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105663",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105663"
},
{
"name": "20181017 Cisco SocialMiner Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-sm-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20181017-sm-xss",
"defect": [
[
"CSCvm57165"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2018-15435",
"datePublished": "2018-10-17T22:00:00Z",
"dateReserved": "2018-08-17T00:00:00",
"dateUpdated": "2024-11-26T14:23:38.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20278 (GCVE-0-2025-20278)
Vulnerability from cvelistv5
Published
2025-06-04 16:18
Modified
2025-06-06 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Summary
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.
This vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco Finesse |
Version: 11.0(1)ES_Rollback Version: 10.5(1)ES4 Version: 11.6(1)ES3 Version: 11.0(1)ES2 Version: 12.0(1)ES2 Version: 10.5(1)ES3 Version: 11.0(1) Version: 11.6(1)FIPS Version: 11.6(1)ES4 Version: 11.0(1)ES3 Version: 10.5(1)ES6 Version: 11.0(1)ES7 Version: 11.5(1)ES4 Version: 10.5(1)ES8 Version: 11.5(1) Version: 11.6(1) Version: 10.5(1)ES10 Version: 11.6(1)ES2 Version: 11.6(1)ES Version: 11.0(1)ES6 Version: 11.0(1)ES4 Version: 12.0(1) Version: 11.6(1)ES7 Version: 10.5(1)ES7 Version: 11.6(1)ES8 Version: 11.5(1)ES1 Version: 11.6(1)ES1 Version: 11.5(1)ES5 Version: 11.0(1)ES1 Version: 10.5(1) Version: 11.6(1)ES6 Version: 10.5(1)ES2 Version: 12.0(1)ES1 Version: 11.0(1)ES5 Version: 10.5(1)ES5 Version: 11.5(1)ES3 Version: 11.5(1)ES2 Version: 10.5(1)ES9 Version: 11.6(1)ES5 Version: 11.6(1)ES9 Version: 11.5(1)ES6 Version: 10.5(1)ES1 Version: 12.5(1) Version: 12.0(1)ES3 Version: 11.6(1)ES10 Version: 12.5(1)ES1 Version: 12.5(1)ES2 Version: 12.0(1)ES4 Version: 12.5(1)ES3 Version: 12.0(1)ES5 Version: 12.5(1)ES4 Version: 12.0(1)ES6 Version: 12.5(1)ES5 Version: 12.5(1)ES6 Version: 12.0(1)ES7 Version: 12.6(1) Version: 12.5(1)ES7 Version: 11.6(1)ES11 Version: 12.6(1)ES1 Version: 12.0(1)ES8 Version: 12.5(1)ES8 Version: 12.6(1)ES2 Version: 12.6(1)ES3 Version: 12.6(1)ES4 Version: 12.6(1)ES5 Version: 12.5(2) Version: 12.5(1)_SU Version: 12.5(1)SU Version: 12.6(1)ES6 Version: 12.5(1)SU ES1 Version: 12.6(1)ES7 Version: 12.6(1)ES7_ET Version: 12.6(2) Version: 12.6(1)ES8 Version: 12.6(1)ES9 Version: 12.6(2)ES1 Version: 12.6(1)ES10 Version: 12.5(1)SU ES2 Version: 12.6(1)ES11 Version: 12.6(2)ES2 Version: 12.6(2)ES3 Version: 12.5(1)SU ES3 Version: 12.6(2)ES4 Version: 12.6(2)ES5 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20278",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-06T03:55:32.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Finesse",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)ES_Rollback"
},
{
"status": "affected",
"version": "10.5(1)ES4"
},
{
"status": "affected",
"version": "11.6(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)FIPS"
},
{
"status": "affected",
"version": "11.6(1)ES4"
},
{
"status": "affected",
"version": "11.0(1)ES3"
},
{
"status": "affected",
"version": "10.5(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES7"
},
{
"status": "affected",
"version": "11.5(1)ES4"
},
{
"status": "affected",
"version": "10.5(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)ES10"
},
{
"status": "affected",
"version": "11.6(1)ES2"
},
{
"status": "affected",
"version": "11.6(1)ES"
},
{
"status": "affected",
"version": "11.0(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)ES7"
},
{
"status": "affected",
"version": "10.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)ES1"
},
{
"status": "affected",
"version": "11.6(1)ES1"
},
{
"status": "affected",
"version": "11.5(1)ES5"
},
{
"status": "affected",
"version": "11.0(1)ES1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES1"
},
{
"status": "affected",
"version": "11.0(1)ES5"
},
{
"status": "affected",
"version": "10.5(1)ES5"
},
{
"status": "affected",
"version": "11.5(1)ES3"
},
{
"status": "affected",
"version": "11.5(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES9"
},
{
"status": "affected",
"version": "11.6(1)ES5"
},
{
"status": "affected",
"version": "11.6(1)ES9"
},
{
"status": "affected",
"version": "11.5(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)ES3"
},
{
"status": "affected",
"version": "11.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES4"
},
{
"status": "affected",
"version": "12.5(1)ES3"
},
{
"status": "affected",
"version": "12.0(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES6"
},
{
"status": "affected",
"version": "12.0(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(1)ES1"
},
{
"status": "affected",
"version": "12.0(1)ES8"
},
{
"status": "affected",
"version": "12.5(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES2"
},
{
"status": "affected",
"version": "12.6(1)ES3"
},
{
"status": "affected",
"version": "12.6(1)ES4"
},
{
"status": "affected",
"version": "12.6(1)ES5"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)SU ES1"
},
{
"status": "affected",
"version": "12.6(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)ES7_ET"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES9"
},
{
"status": "affected",
"version": "12.6(2)ES1"
},
{
"status": "affected",
"version": "12.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)SU ES2"
},
{
"status": "affected",
"version": "12.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(2)ES2"
},
{
"status": "affected",
"version": "12.6(2)ES3"
},
{
"status": "affected",
"version": "12.5(1)SU ES3"
},
{
"status": "affected",
"version": "12.6(2)ES4"
},
{
"status": "affected",
"version": "12.6(2)ES5"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "10.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "14SU4a"
},
{
"status": "affected",
"version": "15SU1a"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "Recovery ISO"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Intelligence Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.6(1)_ES05_ET"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_504_Issue_ET"
},
{
"status": "affected",
"version": "12.6.1_ExcelIssue_ET"
},
{
"status": "affected",
"version": "12.6(2)_Permalink_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwk19536_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwm96922_ET"
},
{
"status": "affected",
"version": "12.6.2_Amq_OOS_ET"
},
{
"status": "affected",
"version": "12.5(2)ET_CSCwi79933"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwn48501_ET"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "12.5(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES13"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.5(1)_ES16"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.5(1)_ES17"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES10"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ET_Streaming"
},
{
"status": "affected",
"version": "12.6(2)ET_Transcribe"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(2)ET_NuanceMix"
},
{
"status": "affected",
"version": "12.6(2)ET_FileUpload"
},
{
"status": "affected",
"version": "12.6(2)_ET02"
},
{
"status": "affected",
"version": "12.6(2)_ES04"
},
{
"status": "affected",
"version": "12.6.2ET_RTPfallback"
},
{
"status": "affected",
"version": "12.6.2ET_CSCwf55306"
},
{
"status": "affected",
"version": "12.6.2_ET_CSCwj36712"
},
{
"status": "affected",
"version": "12.5.2 ET-CSCwj33374"
},
{
"status": "affected",
"version": "12.5(1) SU ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwj87296"
},
{
"status": "affected",
"version": "12.6(2)_ES05"
},
{
"status": "affected",
"version": "12.5.2_ET_CSCvz27014"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2-ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwk83135"
},
{
"status": "affected",
"version": "12.6.2_ET_CX_ALAW"
},
{
"status": "affected",
"version": "12.6.2-ET01-SSL"
},
{
"status": "affected",
"version": "12.6(2)_ES06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user.\r\n\r\nThis vulnerability is due to improper validation of user-supplied command arguments. An attacker could exploit this vulnerability by executing crafted commands on the CLI of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. To exploit this vulnerability, the attacker must have valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T16:18:20.661Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-vos-command-inject-65s2UCYy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy"
}
],
"source": {
"advisory": "cisco-sa-vos-command-inject-65s2UCYy",
"defects": [
"CSCwk24029"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unified Communications Products Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20278",
"datePublished": "2025-06-04T16:18:20.661Z",
"dateReserved": "2024-10-10T19:15:13.246Z",
"dateUpdated": "2025-06-06T03:55:32.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20112 (GCVE-0-2025-20112)
Vulnerability from cvelistv5
Published
2025-05-21 16:19
Modified
2025-05-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-268 - Privilege Chaining
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.
This vulnerability is due to excessive permissions that have been assigned to system commands. An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco Emergency Responder |
Version: 12.5(1a) Version: 12.5(1)SU1 Version: 12.5(1) Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)SU4 Version: 14 Version: 12.5(1)SU5 Version: 14SU1 Version: 12.5(1)SU6 Version: 14SU2 Version: 12.5(1)SU7 Version: 14SU3 Version: 12.5(1)SU8 Version: 12.5(1)SU8a Version: 12.5(1)SU8b Version: 14SU3a Version: 15 Version: 15SU1 Version: 15SU1a Version: 14SU4 Version: 12.5(1)SU9 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20112",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T03:55:22.658Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Emergency Responder",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1a)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "12.5(1)SU8b"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "15SU1a"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Finesse",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)ES_Rollback"
},
{
"status": "affected",
"version": "10.5(1)ES4"
},
{
"status": "affected",
"version": "11.6(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES3"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)FIPS"
},
{
"status": "affected",
"version": "11.6(1)ES4"
},
{
"status": "affected",
"version": "11.0(1)ES3"
},
{
"status": "affected",
"version": "10.5(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES7"
},
{
"status": "affected",
"version": "11.5(1)ES4"
},
{
"status": "affected",
"version": "10.5(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)ES10"
},
{
"status": "affected",
"version": "11.6(1)ES2"
},
{
"status": "affected",
"version": "11.6(1)ES"
},
{
"status": "affected",
"version": "11.0(1)ES6"
},
{
"status": "affected",
"version": "11.0(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)ES7"
},
{
"status": "affected",
"version": "10.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES8"
},
{
"status": "affected",
"version": "11.5(1)ES1"
},
{
"status": "affected",
"version": "11.6(1)ES1"
},
{
"status": "affected",
"version": "11.5(1)ES5"
},
{
"status": "affected",
"version": "11.0(1)ES1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES1"
},
{
"status": "affected",
"version": "11.0(1)ES5"
},
{
"status": "affected",
"version": "10.5(1)ES5"
},
{
"status": "affected",
"version": "11.5(1)ES3"
},
{
"status": "affected",
"version": "11.5(1)ES2"
},
{
"status": "affected",
"version": "10.5(1)ES9"
},
{
"status": "affected",
"version": "11.6(1)ES5"
},
{
"status": "affected",
"version": "11.6(1)ES9"
},
{
"status": "affected",
"version": "11.5(1)ES6"
},
{
"status": "affected",
"version": "10.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)ES3"
},
{
"status": "affected",
"version": "11.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)ES1"
},
{
"status": "affected",
"version": "12.5(1)ES2"
},
{
"status": "affected",
"version": "12.0(1)ES4"
},
{
"status": "affected",
"version": "12.5(1)ES3"
},
{
"status": "affected",
"version": "12.0(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES4"
},
{
"status": "affected",
"version": "12.0(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)ES5"
},
{
"status": "affected",
"version": "12.5(1)ES6"
},
{
"status": "affected",
"version": "12.0(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)ES7"
},
{
"status": "affected",
"version": "11.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(1)ES1"
},
{
"status": "affected",
"version": "12.0(1)ES8"
},
{
"status": "affected",
"version": "12.5(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES2"
},
{
"status": "affected",
"version": "12.6(1)ES3"
},
{
"status": "affected",
"version": "12.6(1)ES4"
},
{
"status": "affected",
"version": "12.6(1)ES5"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)ES6"
},
{
"status": "affected",
"version": "12.5(1)SU ES1"
},
{
"status": "affected",
"version": "12.6(1)ES7"
},
{
"status": "affected",
"version": "12.6(1)ES7_ET"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(1)ES8"
},
{
"status": "affected",
"version": "12.6(1)ES9"
},
{
"status": "affected",
"version": "12.6(2)ES1"
},
{
"status": "affected",
"version": "12.6(1)ES10"
},
{
"status": "affected",
"version": "12.5(1)SU ES2"
},
{
"status": "affected",
"version": "12.6(1)ES11"
},
{
"status": "affected",
"version": "12.6(2)ES2"
},
{
"status": "affected",
"version": "12.6(2)ES3"
},
{
"status": "affected",
"version": "12.5(1)SU ES3"
},
{
"status": "affected",
"version": "12.6(2)ES4"
},
{
"status": "affected",
"version": "12.6(2)ES6"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Prime Collaboration Deployment",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(3)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "12.0(1a)"
},
{
"status": "affected",
"version": "11.5(3)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.5(2)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(3)SU1"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco SocialMiner",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "10.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "14SU4a"
},
{
"status": "affected",
"version": "15SU1a"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)SU4ES09"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Intelligence Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.6(1)_ES05_ET"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_504_Issue_ET"
},
{
"status": "affected",
"version": "12.6.1_ExcelIssue_ET"
},
{
"status": "affected",
"version": "12.6(2)_Permalink_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwk19536_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwm96922_ET"
},
{
"status": "affected",
"version": "12.6.2_Amq_OOS_ET"
},
{
"status": "affected",
"version": "12.5(2)ET_CSCwi79933"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwn48501_ET"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14SU3"
},
{
"status": "affected",
"version": "12.5(1)SU8"
},
{
"status": "affected",
"version": "14SU3a"
},
{
"status": "affected",
"version": "12.5(1)SU8a"
},
{
"status": "affected",
"version": "15"
},
{
"status": "affected",
"version": "15SU1"
},
{
"status": "affected",
"version": "14SU4"
},
{
"status": "affected",
"version": "12.5(1)SU9"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "12.5(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES13"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.5(1)_ES16"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.5(1)_ES17"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES10"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ET_Streaming"
},
{
"status": "affected",
"version": "12.6(2)ET_Transcribe"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(2)ET_NuanceMix"
},
{
"status": "affected",
"version": "12.6(2)ET_FileUpload"
},
{
"status": "affected",
"version": "12.6(2)_ET02"
},
{
"status": "affected",
"version": "12.6(2)_ES04"
},
{
"status": "affected",
"version": "12.6.2ET_RTPfallback"
},
{
"status": "affected",
"version": "12.6.2ET_CSCwf55306"
},
{
"status": "affected",
"version": "12.6.2_ET_CSCwj36712"
},
{
"status": "affected",
"version": "12.5.2 ET-CSCwj33374"
},
{
"status": "affected",
"version": "12.5(1) SU ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwj87296"
},
{
"status": "affected",
"version": "12.6(2)_ES05"
},
{
"status": "affected",
"version": "12.5.2_ET_CSCvz27014"
},
{
"status": "affected",
"version": "12.6(2)_ET"
},
{
"status": "affected",
"version": "12.6.2-ET"
},
{
"status": "affected",
"version": "12.6(2)ET_CSCwk83135"
},
{
"status": "affected",
"version": "12.6.2_ET_CX_ALAW"
},
{
"status": "affected",
"version": "12.6.2-ET01-SSL"
},
{
"status": "affected",
"version": "12.6(2)_ES06"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to excessive permissions that have been assigned to system commands.\u0026nbsp;An attacker could exploit this vulnerability by executing crafted commands on the underlying operating system. A successful exploit could allow the attacker to escape the restricted shell and gain root privileges on the underlying operating system of an affected device. To successfully exploit this vulnerability, an attacker would need administrative access to the ESXi hypervisor."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-268",
"description": "Privilege Chaining",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T16:19:24.562Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-kkhZbHR5",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-kkhZbHR5"
}
],
"source": {
"advisory": "cisco-sa-cucm-kkhZbHR5",
"defects": [
"CSCwi52980"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unified Communications Products Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20112",
"datePublished": "2025-05-21T16:19:24.562Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-05-22T03:55:22.658Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}