CVE-2020-3267

Name of the Vulnerable Software and Affected Versions Cisco Unified Contact Center Express (affected versions not specified)

Description The issue is related to insufficient authorization enforcement in the API subsystem, allowing an authenticated, remote attacker to change the availability state of any agent. This could be achieved by authenticating to the system with valid agent credentials and performing a specific API call with crafted input, potentially causing a denial of service condition.

Recommendations For all affected versions, consider restricting access to the API subsystem until a fix is available. As a temporary workaround, limit the ability of agents to change their availability state through the API to minimize the risk of exploitation. Avoid using crafted input in API calls to prevent potential denial of service conditions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.