Cisco Unified Contact Center Express — known CVE vulnerabilities
Every CVE whose affected-product data names Cisco Unified Contact Center Express, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVE-2024-20253 — CVSS 9.9 (critical): A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote…
CVE-2020-3280 — CVSS 9.8 (critical): A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an…
CVE-2017-12337 — CVSS 9.8 (critical): A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could…
CVE-2025-20354 — CVSS 9.8 (critical): A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow an unauthenticated, remote attacker to…
CVE-2018-0403 — CVSS 9.8 (critical): Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an…
CVE-2022-20658 — CVSS 9.6 (critical): A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified…
CVE-2025-20358 — CVSS 9.4 (critical): A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker…
CVE-2016-6427 — CVSS 8.8 (high): Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified…
CVE-2018-0402 — CVSS 8.8 (high): Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an…
CVE-2010-1570 — CVSS 7.8 (high): The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2)…
CVE-2010-1571 — CVSS 7.8 (high): Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2)…
CVE-2020-3177 — CVSS 7.5 (high): A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified…
CVE-2016-6426 — CVSS 7.5 (high): The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact…
CVE-2017-6779 — CVSS 7.5 (high): Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration…
CVE-2019-12633 — CVSS 7.5 (high): A vulnerability in Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to bypass access…
CVE-2019-1888 — CVSS 7.2 (high): A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated…
CVE-2025-20113 — CVSS 7.1 (high): A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator…
CVE-2020-3267 — CVSS 7.1 (high): A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to…
CVE-2023-20062 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive…
CVE-2023-20061 — CVSS 6.5 (medium): Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive…
CVE-2025-20375 — CVSS 6.5 (medium): A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files…
CVE-2025-20376 — CVSS 6.5 (medium): A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files…
CVE-2025-20274 — CVSS 6.3 (medium): A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to…
CVE-2018-0401 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an…
CVE-2023-20058 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker…
CVE-2021-1463 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote…
CVE-2018-0400 — CVSS 6.1 (medium): Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an…
CVE-2017-6722 — CVSS 6.1 (medium): A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of Cisco Unified Contact Center Express (UCCx) could allow…
CVE-2016-6425 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact…
CVE-2016-1298 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow…
CVE-2019-15278 — CVSS 6.1 (medium): A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass…
CVE-2019-15259 — CVSS 6.1 (medium): A vulnerability in Cisco Unified Contact Center Express (UCCX) Software could allow an unauthenticated, remote attacker to conduct an HTTP…
CVE-2025-20278 — CVSS 6.0 (medium): A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute…
CVE-2025-20288 — CVSS 5.8 (medium): A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker…
CVE-2023-20096 — CVSS 5.4 (medium): A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated…
CVE-2025-20275 — CVSS 5.3 (medium): A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated…
CVE-2023-20232 — CVSS 5.3 (medium): A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote…
CVE-2011-2583 — CVSS 5.0 (medium): Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows remote attackers to cause a denial of service via network traffic, as…
CVE-2025-20374 — CVSS 4.9 (medium): A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and…
CVE-2025-20279 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a…
CVE-2019-12626 — CVSS 4.8 (medium): A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated…
CVE-2021-1395 — CVSS 4.7 (medium): A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker…
CVE-2025-20114 — CVSS 4.3 (medium): A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal…
CVE-2025-20129 — CVSS 4.3 (medium): A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an…
CVE-2025-20276 — CVSS 3.8 (low): A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute…
CVE-2025-20277 — CVSS 3.4 (low): A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute…