cnvd - cnvd-2025-18194

cnvd-2025-18194

Vulnerability from cnvd

Title

Cisco Unified Intelligence Center任意文件上传漏洞

Description

Cisco Unified Intelligence Center是思科推出的基于Web的报表平台，主要用于整合联系中心数据并提供可视化报告功能。 Cisco Unified Intelligence Center Web接口存在任意文件上传漏洞，该漏洞源于缺少对文件校验，远程攻击者可利用该漏洞提交特殊的请求，可上传恶意文件，以Report Designer上下文执行任意代码。

Severity

低

Patch Name

Cisco Unified Intelligence Center任意文件上传漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-20274

Impacted products

Name
['Cisco Unified Intelligence Center 12.5', 'Cisco Unified Intelligence Center 12.6']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-20274",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-20274"
    }
  },
  "description": "Cisco Unified Intelligence Center\u662f\u601d\u79d1\u63a8\u51fa\u7684\u57fa\u4e8eWeb\u7684\u62a5\u8868\u5e73\u53f0\uff0c\u4e3b\u8981\u7528\u4e8e\u6574\u5408\u8054\u7cfb\u4e2d\u5fc3 \u6570\u636e\u5e76\u63d0\u4f9b\u53ef\u89c6\u5316\u62a5\u544a\u529f\u80fd\u3002\n\nCisco Unified Intelligence Center Web\u63a5\u53e3\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u5bf9\u6587\u4ef6\u6821\u9a8c\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u4ee5Report Designer\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-18194",
  "openTime": "2025-08-08",
  "patchDescription": "Cisco Unified Intelligence Center\u662f\u601d\u79d1\u63a8\u51fa\u7684\u57fa\u4e8eWeb\u7684\u62a5\u8868\u5e73\u53f0\uff0c\u4e3b\u8981\u7528\u4e8e\u6574\u5408\u8054\u7cfb\u4e2d\u5fc3 \u6570\u636e\u5e76\u63d0\u4f9b\u53ef\u89c6\u5316\u62a5\u544a\u529f\u80fd\u3002\r\n\r\nCisco Unified Intelligence Center Web\u63a5\u53e3\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u5bf9\u6587\u4ef6\u6821\u9a8c\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u53ef\u4e0a\u4f20\u6076\u610f\u6587\u4ef6\uff0c\u4ee5Report Designer\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified Intelligence Center\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unified Intelligence Center 12.5",
      "Cisco Unified Intelligence Center 12.6"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-20274",
  "serverity": "\u4f4e",
  "submitTime": "2025-07-21",
  "title": "Cisco Unified Intelligence Center\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u6f0f\u6d1e"
}

CVE-2025-20274 (GCVE-0-2025-20274)

Vulnerability from cvelistv5

Published

2025-07-16 16:16

Modified

2025-07-17 13:07

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-434 - Unrestricted Upload of File with Dangerous Type

Summary

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system and execute arbitrary commands on the operating system. The Security Impact Rating (SIR) of this advisory has been raised to High because an attacker could elevate privileges to root. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Report Designer.

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-file-upload-UhNEtStm

Impacted products

Vendor

Product

Version

Cisco

Cisco Unified Contact Center Express

Version: 10.6(1)
Version: 10.5(1)SU1
Version: 10.6(1)SU3
Version: 12.0(1)
Version: 10.6(1)SU1
Version: 11.0(1)SU1
Version: 11.5(1)SU1
Version: 10.5(1)
Version: 11.6(1)
Version: 11.6(2)
Version: 12.5(1)
Version: 12.5(1)SU1
Version: 12.5(1)SU2
Version: 12.5(1)SU3
Version: 12.5(1)_SU03_ES01
Version: 12.5(1)_SU03_ES02
Version: 12.5(1)_SU02_ES03
Version: 12.5(1)_SU02_ES04
Version: 12.5(1)_SU02_ES02
Version: 12.5(1)_SU01_ES02
Version: 12.5(1)_SU01_ES03
Version: 12.5(1)_SU02_ES01
Version: 11.6(2)ES07
Version: 11.6(2)ES08
Version: 12.5(1)_SU01_ES01
Version: 12.0(1)ES04
Version: 12.5(1)ES02
Version: 12.5(1)ES03
Version: 11.6(2)ES06
Version: 12.5(1)ES01
Version: 12.0(1)ES03
Version: 12.0(1)ES01
Version: 11.6(2)ES05
Version: 12.0(1)ES02
Version: 11.6(2)ES04
Version: 11.6(2)ES03
Version: 11.6(2)ES02
Version: 11.6(2)ES01
Version: 10.6(1)SU3ES03
Version: 11.0(1)SU1ES03
Version: 10.6(1)SU3ES01
Version: 10.5(1)SU1ES10
Version: 11.5(1)SU1ES03
Version: 11.6(1)ES02
Version: 11.5(1)ES01
Version: 10.6(1)SU2
Version: 10.6(1)SU2ES04
Version: 11.6(1)ES01
Version: 10.6(1)SU3ES02
Version: 11.5(1)SU1ES02
Version: 11.5(1)SU1ES01
Version: 11.0(1)SU1ES02
Version: 12.5(1)_SU03_ES03
Version: 12.5(1)_SU03_ES04
Version: 12.5(1)_SU03_ES05
Version: 12.5(1)_SU03_ES06

Cisco

Cisco Unified Intelligence Center

Version: 11.6(1)
Version: 10.5(1)
Version: 11.0(1)
Version: 11.5(1)
Version: 12.0(1)
Version: 12.5(1)
Version: 11.0(2)
Version: 12.6(1)
Version: 12.5(1)SU
Version: 12.6(1)_ET
Version: 12.6(1)_ES05_ET
Version: 11.0(3)
Version: 12.6(2)
Version: 12.6(2)_504_Issue_ET
Version: 12.6.1_ExcelIssue_ET
Version: 12.6(2)_Permalink_ET
Version: 12.6.2_CSCwk19536_ET
Version: 12.6.2_CSCwm96922_ET
Version: 12.6.2_Amq_OOS_ET
Version: 12.5(2)ET_CSCwi79933
Version: 12.6(2)_ET
Version: 12.6.2_CSCwn48501_ET

Show details on NVD website