CVE-2019-1888 – Cisco Unified Contact Center Express Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2019-1888

25 Feb 2020 — A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operatin... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-privesc-Zd7bvwyf • CWE-434: Unrestricted Upload of File with Dangerous Type •