What is CVE-2020-3267?

CVE-2020-3267 is a medium-severity vulnerability in Cisco Unified Contact Center Express, classified under Improper Authorization. CVSS score: 5.4/10. Published 2020-06-03.

How severe is CVE-2020-3267?

Medium severity. CVSS v3 base score is 5.4 out of 10.

Auth bypass in Cisco Unified Contact Center Express

CVE-2020-3267

A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization…

EPSS: 0.003 (56.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L.

Affected products

Cisco Unified Contact Center Express — versions n/a

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

20200603 Cisco Unified Contact Center Express Improper API Authorization Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3267?: CVE-2020-3267 is a medium-severity vulnerability in Cisco Unified Contact Center Express, classified under Improper Authorization. CVSS score: 5.4/10. Published 2020-06-03.
How severe is CVE-2020-3267?: Medium severity. CVSS v3 base score is 5.4 out of 10.