Rewterz

Rewterz Threat Alert – COVID-19 Themed Android Malware Steals SMS and Contacts

May 21, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-3184 – Cisco Prime Collaboration Provisioning Software SQL Injection Vulnerability

May 21, 2020

Rewterz Threat Advisory – CVE-2020-3280 – Cisco Unified Contact Center Express Remote Code Execution Vulnerability

Severity

High

Analysis Summary

Cisco Unified Contact Center Express could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the Java Remote Management Interface. By sending specially-crafted serialized Java object, an attacker could exploit this vulnerability to execute arbitrary code as root on the system.

Impact

Execute arbitrary code

Affected Vendors

Cisco

Affected Products

Cisco Unified CCX software

Remediation

Refer to Cisco Security Advisory cisco-sa-uccx-rce-GMSC6RKN for the list of affected products, upgraded patch.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.