CVE-2025-20113 (GCVE-0-2025-20113)
Vulnerability from cvelistv5
Published
2025-05-21 16:19
Modified
2025-05-22 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Summary
A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.
This vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Cisco | Cisco Unified Contact Center Express |
Version: 10.6(1) Version: 10.5(1)SU1 Version: 10.6(1)SU3 Version: 12.0(1) Version: 10.0(1)SU1 Version: 10.6(1)SU1 Version: 11.0(1)SU1 Version: 11.5(1)SU1 Version: 10.5(1) Version: 11.6(1) Version: 11.6(2) Version: 12.5(1) Version: 12.5(1)SU1 Version: 12.5(1)SU2 Version: 12.5(1)SU3 Version: 12.5(1)_SU03_ES01 Version: 12.5(1)_SU03_ES02 Version: 12.5(1)_SU02_ES03 Version: 12.5(1)_SU02_ES04 Version: 12.5(1)_SU02_ES02 Version: 12.5(1)_SU01_ES02 Version: 12.5(1)_SU01_ES03 Version: 12.5(1)_SU02_ES01 Version: 11.6(2)ES07 Version: 11.6(2)ES08 Version: 12.5(1)_SU01_ES01 Version: 12.0(1)ES04 Version: 12.5(1)ES02 Version: 12.5(1)ES03 Version: 11.6(2)ES06 Version: 12.5(1)ES01 Version: 12.0(1)ES03 Version: 12.0(1)ES01 Version: 11.6(2)ES05 Version: 12.0(1)ES02 Version: 11.6(2)ES04 Version: 11.6(2)ES03 Version: 11.6(2)ES02 Version: 11.6(2)ES01 Version: 10.6(1)SU3ES03 Version: 11.0(1)SU1ES03 Version: 10.6(1)SU3ES01 Version: 10.5(1)SU1ES10 Version: 10.0(1)SU1ES04 Version: 11.5(1)SU1ES03 Version: 11.6(1)ES02 Version: 11.5(1)ES01 Version: 9.0(2)SU3ES04 Version: 10.6(1)SU2 Version: 10.6(1)SU2ES04 Version: 11.6(1)ES01 Version: 10.6(1)SU3ES02 Version: 11.5(1)SU1ES02 Version: 11.5(1)SU1ES01 Version: 8.5(1) Version: 11.0(1)SU1ES02 Version: 12.5(1)_SU03_ES03 Version: 12.5(1)_SU03_ES04 Version: 12.5(1)_SU03_ES05 Version: 12.5(1)_SU03_ES06 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20113",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T03:55:17.134Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES04"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES05"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES06"
}
]
},
{
"defaultStatus": "unknown",
"product": "Cisco Unified Intelligence Center",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.6(1)_ET"
},
{
"status": "affected",
"version": "12.6(1)_ES05_ET"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_504_Issue_ET"
},
{
"status": "affected",
"version": "12.6.1_ExcelIssue_ET"
},
{
"status": "affected",
"version": "12.6(2)_Permalink_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwk19536_ET"
},
{
"status": "affected",
"version": "12.6.2_CSCwm96922_ET"
},
{
"status": "affected",
"version": "12.5(2)ET_CSCwi79933"
},
{
"status": "affected",
"version": "12.6.2_CSCwn48501_ET"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\r\n\r\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T16:19:41.378Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cuis-priv-esc-3Pk96SU4",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4"
}
],
"source": {
"advisory": "cisco-sa-cuis-priv-esc-3Pk96SU4",
"defects": [
"CSCwk34893"
],
"discovery": "EXTERNAL"
},
"title": "Cisco Unified Intelligence Center Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20113",
"datePublished": "2025-05-21T16:19:41.378Z",
"dateReserved": "2024-10-10T19:15:13.210Z",
"dateUpdated": "2025-05-22T03:55:17.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-20113\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2025-05-21T17:15:55.620\",\"lastModified\":\"2025-07-22T14:41:12.307\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Cisco Unified Intelligence Center podr\u00eda permitir que un atacante remoto autenticado eleve privilegios a Administrador para un conjunto limitado de funciones en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente del lado del servidor de los par\u00e1metros proporcionados por el usuario en las solicitudes API o HTTP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando una solicitud API o HTTP manipulada a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder, modificar o eliminar datos m\u00e1s all\u00e1 del \u00e1mbito de su nivel de acceso previsto, incluyendo la obtenci\u00f3n de informaci\u00f3n potencialmente confidencial almacenada en el sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-602\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5601C191-19B9-4CC3-94E0-AB144A6BD02C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D92445EF-1107-456D-8F03-44BA2A385383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F4F7BC5-E393-4C85-93ED-8F8DBD81A383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.0\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD658DE5-84D2-4527-AF25-09F31572C184\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"060AFE51-F470-4B14-8D74-8B721129A37E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:11.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B59061B-ED98-47C6-A8CF-41CA11500AF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF881F48-7268-4A06-A72B-FEE1BD58A193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84C52246-9E02-434A-8E41-76B21DB3F25C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.5\\\\(1\\\\)su:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42B2688A-4E07-4EA0-8304-E168FB672202\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EAE9043-E488-4FBE-8A60-377F71D5D126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\)_es05_et:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45676746-8B75-4095-A4FF-9AC34CF0E72F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(1\\\\)_et:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D94589CB-61F9-474F-800A-5387FB4AEF9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:12.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A136173-603C-427A-AC03-76CBB6757C92\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:8.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED97AAD8-D02D-42AB-863A-7538A1F6D425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:9.0\\\\(2\\\\)su3es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1202DE4-CA67-424E-8379-2BC13630F0C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31854EAF-89B5-40BB-98E7-7EBB2E867C96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\)su1es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE1194F1-9CF5-460E-AF26-FB7CDC1EE878\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C277058-F33F-4E60-AE89-658CB6558D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E255206-BDDB-4F0F-9ED7-3A3ACA74EF83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\)su1es10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE358FF2-CB8A-4E0D-926E-ED151B585E52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F83A65-F3AC-4F6B-97A3-9FC582683BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A766B903-E6DB-4838-90A7-63918C9F8AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1F0C70-E644-4DCA-93C2-6BCB331D08E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su2es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF54B434-E765-40B1-B12A-21FC7F415ACE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60839544-11E0-4381-A9AA-21D6FB403F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D8114CF-6689-4C97-BD5D-07CC8EEF35A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D90986B-64ED-44A1-9CF1-7C9FD27555FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\)su3es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"442E4715-5043-4BF7-8961-C8844A00A7B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0242DD9A-A5BB-4DE7-9218-7AE0FE2A65AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5002FAA-FE64-4AA7-B0D7-22084CCE0CE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\)su1es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C17A2AB-33B3-4089-A701-A29A4E55D667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6FFA8B-248F-42C7-8A06-3F7E158386EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26A35E9A-FFFB-49AF-BA70-67F3EA54B9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F529FE5-1DE8-43A5-88EE-0980D3A55BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"766350AF-1B2F-4DC0-9DA3-E17B45892163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.5\\\\(1\\\\)su1es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"702E48CC-3858-491C-A328-5D9ADDDC8DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20CF8B80-28C0-407B-BA60-1B07694A3DFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59A30F7B-9756-40BD-89C1-60E2702CC806\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29A15BB5-0725-4159-B387-74CFBF58F349\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82F5416D-0DF3-48BB-8A23-DBC2B0746195\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"908E3B03-7248-44B4-B0DE-E3B3F7FA9555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1705F343-BF9D-4EBC-B833-64F03EDD7C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"686F6450-99FC-4260-B9CE-B7F313464EFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93851C02-3E0A-41F1-82BB-24546A83E272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10E25C7A-42B4-40CE-A13B-0252C05FCFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D0128C7-3FB4-42EE-B4D8-68EAAC4727A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A92970B-53FD-4ED6-95BC-FDC7BB6780CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.6\\\\(2\\\\)es08:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE8E4137-3059-46B0-B241-2AA42A3D959E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A8784D-B7A6-4F13-B89D-4ED910CC0576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B368DEE7-7639-4D46-997B-2F2409712CAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B721320B-C72C-4550-B585-9F43439FAB25\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5F18549-A002-4106-9740-6B641E0ECF8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.0\\\\(1\\\\)es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF4AD59-6A04-4473-84E0-D99D24D99BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9715BD0-F519-462E-ACF6-859B203638D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB2C8F59-78F2-4E3A-8261-F4EF214F691A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3117461-56A5-4957-8BE0-83F44B66AE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su01_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B279AE4-9CF7-49F1-A4C3-D8A6301EF136\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"860ACAB6-5CB9-468C-90C4-B7C8E9559D2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB2D8357-773D-492F-BC5B-F672C4D736A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0B3B5E-2C4C-473C-B7FB-F62AAC19744C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su02_es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D7EEFA-D04C-4769-8C62-B8B5902F79ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E31A16D3-3B40-42EA-BAC3-05A13082CED2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21F08B08-23C1-4AD7-AD67-34D196C8470E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05AD3A80-2409-475E-87F5-430E51C53087\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49165652-275C-4AD9-9585-2F130989D404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4480EF1-226E-459E-B2F5-3985A219BBD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)_su03_es06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A408698-6123-4772-8D11-FE89EBB135D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81728CDB-DD39-4DD9-BB82-6F2D8E3D1E2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F9AF5B-3670-4910-9AD8-C1FB90C7190B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)es03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DAF852-5CA1-4D2B-948B-F0E9FB9DA973\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83EDDAAF-0746-4851-B7E5-60E4ED039D02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FBB3406-4AD0-41B1-AFC3-3FC6E7E01B10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\)su3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BF183D9-CDF6-44D9-B529-F13666A3EE07\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-20113\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T19:36:12.323340Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T19:36:14.637Z\"}}], \"cna\": {\"title\": \"Cisco Unified Intelligence Center Privilege Escalation Vulnerability\", \"source\": {\"defects\": [\"CSCwk34893\"], \"advisory\": \"cisco-sa-cuis-priv-esc-3Pk96SU4\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Contact Center Express\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES07\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES08\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES06\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES03\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES05\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES01\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES03\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES01\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1ES10\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1ES04\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SU3ES04\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES01\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES01\"}, {\"status\": \"affected\", \"version\": \"8.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES05\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES06\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Intelligence Center\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ET\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES05_ET\"}, {\"status\": \"affected\", \"version\": \"11.0(3)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_504_Issue_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.1_ExcelIssue_ET\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_Permalink_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwk19536_ET\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwm96922_ET\"}, {\"status\": \"affected\", \"version\": \"12.5(2)ET_CSCwi79933\"}, {\"status\": \"affected\", \"version\": \"12.6.2_CSCwn48501_ET\"}], \"defaultStatus\": \"unknown\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-priv-esc-3Pk96SU4\", \"name\": \"cisco-sa-cuis-priv-esc-3Pk96SU4\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.\\r\\n\\r\\nThis vulnerability is due to insufficient server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by submitting a crafted API or HTTP request to an affected system. A successful exploit could allow the attacker to access, modify, or delete data beyond the sphere of their intended access level, including obtaining potentially sensitive information stored in the system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-602\", \"description\": \"Client-Side Enforcement of Server-Side Security\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2025-05-21T16:19:41.378Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-20113\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-22T03:55:17.134Z\", \"dateReserved\": \"2024-10-10T19:15:13.210Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2025-05-21T16:19:41.378Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…