{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T03:02:13.378","vulnerabilities":[{"cve":{"id":"CVE-2025-20242","sourceIdentifier":"psirt@cisco.com","published":"2025-05-21T17:15:56.190","lastModified":"2025-07-11T15:20:30.753","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device.\r\n\r This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device."},{"lang":"es","value":"Una vulnerabilidad en el componente Cloud Connect de Cisco Unified Contact Center Enterprise (CCE) podría permitir que un atacante remoto no autenticado lea y modifique datos en un dispositivo afectado. Esta vulnerabilidad se debe a la falta de controles de autenticación adecuados. Un atacante podría explotar esta vulnerabilidad enviando datos TCP manipulados a un puerto específico del dispositivo afectado. Una explotación exitosa podría permitir al atacante leer o modificar datos en el dispositivo afectado."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:unified_contact_center_enterprise:12.6\\(2\\)es2:*:*:*:*:*:*:*","matchCriteriaId":"11A9BD62-6781-4C09-B711-F2FD8CF5050D"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-contcent-insuffacces-ArDOVhN8","source":"psirt@cisco.com","tags":["Vendor Advisory"]}]}}]}