What is CVE-2019-1888?

CVE-2019-1888 is a high-severity vulnerability in Cisco Unified Contact Center Express, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 7.2/10. Published 2020-09-23.

How severe is CVE-2019-1888?

High severity. CVSS v3 base score is 7.2 out of 10.

Arbitrary file upload in Cisco Unified Contact Center Express

CVE-2019-1888

A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To e…

Vulnerability class: Unrestricted File Upload

EPSS: 0.011 (78.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Unified Contact Center Express — versions n/a

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

20200219 Cisco Unified Contact Center Express Privilege Escalation Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2019-1888?: CVE-2019-1888 is a high-severity vulnerability in Cisco Unified Contact Center Express, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 7.2/10. Published 2020-09-23.
How severe is CVE-2019-1888?: High severity. CVSS v3 base score is 7.2 out of 10.