CVE-2025-20374 - 漏洞详情

CVE-2025-20374 (CNNVD-202511-399)

MEDIUM

中文标题:

Cisco Unified Contact Center Express 路径遍历漏洞

英文标题:

Cisco Unified Contact Center Express Arbitrary File Download Vulnerability

CVSS分数: 4.9

发布时间: 2025-11-05 16:31:23

漏洞类型: 路径遍历

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Cisco Unified Contact Center Express（Unified CCX）是美国思科（Cisco）公司的一款统一通信解决方案中的客户关系管理组件。该组件支持自助语音服务、呼叫分配和客户访问控制等功能。 Cisco Unified Contact Center Express（Unified CCX）存在路径遍历漏洞，该漏洞源于特定UI功能输入验证不足，可能导致目录遍历攻击。

英文描述:

A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is due to an insufficient input validation associated to specific UI features. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to arbitrary files on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials.

CWE类型:

CWE-22

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Cisco	Cisco Unified Contact Center Express	10.5(1)SU1	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.5(1)su1:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1):::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(1)	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(1):::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU1	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su1:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU3	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su3:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2):::::::*`
Cisco	Cisco Unified Contact Center Express	12.0(1)	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.0(1):::::::*`
Cisco	Cisco Unified Contact Center Express	11.0(1)SU1	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.0(1)su1:::::::*`
Cisco	Cisco Unified Contact Center Express	11.5(1)SU1	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.5(1)su1:::::::*`
Cisco	Cisco Unified Contact Center Express	10.5(1)	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.5(1):::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1):::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)SU1	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)su1:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)SU2	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)su2:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)SU3	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)su3:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU03_ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su03_es01:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU03_ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su03_es02:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU02_ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su02_es03:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU02_ES04	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su02_es04:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU02_ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su02_es02:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU01_ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su01_es02:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU01_ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su01_es03:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU02_ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su02_es01:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES07	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es07:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES08	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es08:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU01_ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su01_es01:::::::*`
Cisco	Cisco Unified Contact Center Express	12.0(1)ES04	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.0(1)es04:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)es02:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)es03:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES06	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es06:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)es01:::::::*`
Cisco	Cisco Unified Contact Center Express	12.0(1)ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.0(1)es03:::::::*`
Cisco	Cisco Unified Contact Center Express	12.0(1)ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.0(1)es01:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES05	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es05:::::::*`
Cisco	Cisco Unified Contact Center Express	12.0(1)ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.0(1)es02:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES04	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es04:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es03:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es02:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(2)ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(2)es01:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU3ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su3es03:::::::*`
Cisco	Cisco Unified Contact Center Express	11.0(1)SU1ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.0(1)su1es03:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU3ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su3es01:::::::*`
Cisco	Cisco Unified Contact Center Express	10.5(1)SU1ES10	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.5(1)su1es10:::::::*`
Cisco	Cisco Unified Contact Center Express	11.5(1)SU1ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.5(1)su1es03:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(1)ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(1)es02:::::::*`
Cisco	Cisco Unified Contact Center Express	11.5(1)ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.5(1)es01:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU2	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su2:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU2ES04	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su2es04:::::::*`
Cisco	Cisco Unified Contact Center Express	11.6(1)ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.6(1)es01:::::::*`
Cisco	Cisco Unified Contact Center Express	10.6(1)SU3ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:10.6(1)su3es02:::::::*`
Cisco	Cisco Unified Contact Center Express	11.5(1)SU1ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.5(1)su1es02:::::::*`
Cisco	Cisco Unified Contact Center Express	11.5(1)SU1ES01	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.5(1)su1es01:::::::*`
Cisco	Cisco Unified Contact Center Express	11.0(1)SU1ES02	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:11.0(1)su1es02:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU03_ES03	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su03_es03:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU03_ES04	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su03_es04:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU03_ES05	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su03_es05:::::::*`
Cisco	Cisco Unified Contact Center Express	UCCX 15.0.1	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:uccx_15.0.1:::::::*`
Cisco	Cisco Unified Contact Center Express	12.5(1)_SU03_ES06	-	-	`cpe:2.3:a:cisco:cisco_unified_contact_center_express:12.5(1)_su03_es06:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

cisco-sa-cc-mult-vuln-gK4TFXSn OTHER
cve.org

访问

CVSS评分详情

3.1 (cna)

MEDIUM

4.9

CVSS向量: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

机密性

HIGH

完整性

NONE

可用性

NONE

时间信息

发布时间:

2025-11-05 16:31:23

修改时间:

2025-11-05 20:11:12

创建时间:

2025-11-11 15:40:09

更新时间:

2025-11-11 16:00:22

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2025-20374`	2025-11-11 15:23:05	2025-11-11 07:40:09
NVD	`nvd_CVE-2025-20374`	2025-11-11 15:01:08	2025-11-11 07:48:00
CNNVD	`cnnvd_CNNVD-202511-399`	2025-11-11 15:13:01	2025-11-11 08:00:22

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 16:00:22

vulnerability_type: 未提取 → 路径遍历; cnnvd_id: 未提取 → CNNVD-202511-399; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 路径遍历
cnnvd_id: 未提取 -> CNNVD-202511-399
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:48:00

data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2025-20374 (CNNVD-202511-399)

中文标题:

Cisco Unified Contact Center Express 路径遍历漏洞

英文标题:

Cisco Unified Contact Center Express Arbitrary File Download Vulnerability

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (cna)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史