Cisco has released several security patches, including one for a critical issue, tracked as CVE-2020-3280, in the call-center software Unified Contact Center Express. The issue is a remote code execution issue that resides in the Java remote management interface for Unified CCE. An unauthenticated, remote attacker could exploit the issue to execute arbitrary code as the root user on a vulnerable device. The good news is that Cisco is not aware of attacks in the wild that exploited the flaw.”]
Source: https://securityaffairs.co/wordpress/103765/security/cisco-unified-contact-center-express-flaw.html