CVE-2025-20377
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system.
This vulnerability is due to improper validation of requests to certain API endpoints. An attacker could exploit this vulnerability by sending a valid request to a specific API endpoint within the affected system. A successful exploit could allow a low-privileged user to view sensitive information on the affected system that should be restricted. To exploit this vulnerability, the attacker must have valid user credentials on the affected system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Packaged Contact Center Enterprise | 12.5(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 11.0(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 12.0(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 11.0(2) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 11.5(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 10.5(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 10.5(2) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 11.6(2) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 10.5(1)_ES7 | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 11.6(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 10.5(2)_ES8 | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 12.6(1) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 12.5(2) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 12.6(2) | affected |
| Cisco | Cisco Packaged Contact Center Enterprise | 15.0(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)ES3 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)ES1 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)ES2 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)SecurityPatch | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.5(1)ES1 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.5(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(1)ES4 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 11.0(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 10.5(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.0(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 10.5 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 11.0 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 11.5 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(2) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(2)ES1 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(2)ES2 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 15.0(1) | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 12.6(2)ES3 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 15.0(1)ET01 | affected |
| Cisco | Cisco Unified Contact Center Enterprise | 15.0(1)_SP1 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.5(1)SU1 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1) | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(1) | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU1 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU3 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2) | affected |
| Cisco | Cisco Unified Contact Center Express | 12.0(1) | affected |
| Cisco | Cisco Unified Contact Center Express | 11.0(1)SU1 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.5(1)SU1 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.5(1) | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1) | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)SU1 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)SU2 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)SU3 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU03_ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU03_ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU02_ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU02_ES04 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU02_ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU01_ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU01_ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU02_ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES07 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES08 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU01_ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.0(1)ES04 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES06 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.0(1)ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.0(1)ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES05 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.0(1)ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES04 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(2)ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU3ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.0(1)SU1ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU3ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.5(1)SU1ES10 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.5(1)SU1ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(1)ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.5(1)ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU2 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU2ES04 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.6(1)ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 10.6(1)SU3ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.5(1)SU1ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.5(1)SU1ES01 | affected |
| Cisco | Cisco Unified Contact Center Express | 11.0(1)SU1ES02 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU03_ES03 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU03_ES04 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU03_ES05 | affected |
| Cisco | Cisco Unified Contact Center Express | UCCX 15.0.1 | affected |
| Cisco | Cisco Unified Contact Center Express | 12.5(1)_SU03_ES06 | affected |
| Cisco | Cisco Unified Intelligence Center | 11.6(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 10.5(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 11.0(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 11.5(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.0(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.5(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 11.0(2) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.5(1)SU | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(1)_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(1)_ES05_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 11.0(3) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(2) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(2)_504_Issue_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.1_ExcelIssue_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(2)_Permalink_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.2_CSCwk19536_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.2_CSCwm96922_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.2_Amq_OOS_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.5(2)ET_CSCwi79933 | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6(2)_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.2_CSCwn48501_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 15.0(1) | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.2_CSCwp61293_ET | affected |
| Cisco | Cisco Unified Intelligence Center | 12.6.2_CSCwp92614_ET | affected |
Weaknesses
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.