What is CVE-2020-3280?

CVE-2020-3280 is a critical-severity vulnerability in Cisco Unified Contact Center Express, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2020-05-22.

How severe is CVE-2020-3280?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2020-3280 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Cisco Unified Contact Center Express

CVE-2020-3280

A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to inse…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.063 (91.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Unified Contact Center Express — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

PalindromeLabs/Java-Deserialization-CVEs

References

20200520 Cisco Unified Contact Center Express Remote Code Execution Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2020-3280?: CVE-2020-3280 is a critical-severity vulnerability in Cisco Unified Contact Center Express, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2020-05-22.
How severe is CVE-2020-3280?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2020-3280 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.