Julien Egloff

**Name of the Vulnerable Software and Affected Versions** Cisco Secure Client (affected versions not specified) **Description** A lack of authentication on a specific function in the Network Access Manager (NAM) module could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This could enable the attacker to execute arbitrary code with SYSTEM privileges on an affected device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Cisco Unified Communications and Contact Center Solutions products (affected versions not specified) **Description** A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. Over 9,205 results are mainly distributed in the United States, China, and other countries, and some increased actor activities are shown targeting Cisco Packaged Contact Center Enterprise and other products. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netwrix Usercube versions prior to 6.0.215 **Description** The issue allows authentication bypass on deployment endpoints, leading to privilege escalation in certain misconfigured on-premises installations. This occurs when the configuration omits the required `restSettings.AuthorizedClientId` and `restSettings.AuthorizedSecret` fields for the "POST /api/Deployment/ExportConfiguration" and "POST /api/Deployment" endpoints. **Recommendations** For versions prior to 6.0.215, update to version 6.0.215 or later to resolve the issue. As a temporary workaround, consider configuring the required `restSettings.AuthorizedClientId` and `restSettings.AuthorizedSecret` fields to prevent authentication bypass. Restrict access to the "POST /api/Deployment/ExportConfiguration" and "POST /api/Deployment" endpoints until the issue is resolved.