On May 20, 2020, Cisco Systems repaired a crucial remote code execution vulnerability present in the Unified Contact Center Express solution. Along with this, the tech space witnessed a frenzy of patches and bug releases announced by Adobe, Microsoft, and Google.
More about the bug
The bug that was fixed early this week was discovered in Unified CCX’s Java Remote Management Interface. The primary reason for the crucial Cisco flaw (with a CVSS base score of 9.8) is the insecure de-serialization of the content supplied by users.
Additionally, Cisco was also involved in repairing four other bugs like denial of service (DOS) vulnerability in the DHCP server of the Prime Network Registrar, which were of high importance, and three other bugs that were categorized as of medium importance.
Threat
In an advisory by Cisco, the company mentions that the dubious threat actors could misuse it with malevolent serialized Java objects with an aim to play the arbitrary code as the root user.
List of other patches announced by Adobe Systems, Google, and Microsoft this week
Adobe Systems announced security patches for three crucial information disclosure bugs present in Premiere Pro (CVE-2020-9616), Audition (CVE-2020-9618), and Premiere Rush (CVE-2020-9617).
Google notified about its most recent iteration, namely, Chrome browser version 83.0.4103.61 for Windows, Mac, and Linux, which addresses 38 bugs. The company categorizes five of them high, after including a use-after-free in reader mode that garnered USD 20,000 bug bounty.
Microsoft repaired an elevation of privilege vulnerability in its Chromium-based Edge browser (CVE-2020-1195).