| The name of the base system (platform): | Cisco Unified Communication Manager (CUCM) |
| Developers: | Cisco Systems |
| Last Release Date: | July 2012 |
| Technology: | IP-telephony |
History
2025: Vulnerability Found in Cisco Solution That Allows Full Control Over Contact Center Servers
In early November, FSTEC sent a warning about the discovery of a critical vulnerability, BDU:2025-13865[1], in the Cisco Unified Contact Center Enterprise (UCCE) contact center solution. The vulnerability was rated critical, with a CVSS version 3 score of 9.8 (out of 10), and has already been fixed by the manufacturer. FSTEC experts advise[2] owners of vulnerable solutions to promptly follow the manufacturer's recommendations and update Cisco contact centers to versions higher than 12.5 SU3 ES07 and 15.0 ES01.
Cisco UCCE is an integrated customer contact center management solution. It is positioned as a "contact center in a box" designed for up to 400 agents, and can be integrated with Unified Communications Manager and Business Edition. It includes an intelligent call distribution system, interactive voice response (IVR), computer telephony integration (CTI), and applications for contact center operators and supervisors.
The vulnerability is related to the Java Remote Method Invocation (RMI) software interface, which can be used to force Cisco UCCE to perform an unrestricted upload of a file with a dangerous type (CWE-434). The agency does not yet have information about its exploitation in the wild, however, and no exploit for it has been published.
"The vulnerability allows an attacker to download a specially crafted file and execute arbitrary code with superuser rights on the server," Kirill Levkin, MD Audit project manager, explained to TAdviser the danger of the vulnerability. "This actually gives full control over the contact center server: access to call processing scenarios, customer databases and integrations with CRM, the ability to transfer traffic, covert installation of backdoors and further movement over the network."
Attackers can organize an attack on a corporate contact center and through it penetrate the company's internal network. To protect against such an attack scenario, the expert recommends restricting access to RMI and administrative interfaces to trusted IP addresses or secure channels, isolating contact center servers from the rest of the network, and activating anomaly monitoring in security systems. The key task is to prevent unauthorized access. The contact center is often closely connected to CRM and other business systems, so even a single compromise can quickly develop into a large-scale incident.
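The three recommendations above (trusted-IP access to RMI and administrative interfaces, segment isolation, anomaly monitoring) can be checked against firewall or flow logs. The following is an added example, not code from Cisco, FSTEC or the article; the port numbers, subnets and log format are assumptions constructed for illustration and must be replaced with values from your own deployment.

```python
import ipaddress

# Assumptions (not from the article): 1099 is the Java RMI registry default;
# take the port your UCCE deployment really exposes from its configuration.
# 8443 stands in for an administrative web interface.
PROTECTED_PORTS = {1099: "rmi", 8443: "admin"}
# Constructed management subnets allowed to reach those ports.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.30.0/28", "192.0.2.10/32")]
# Constructed address range of the isolated contact center segment.
CC_SEGMENT = ipaddress.ip_network("10.50.0.0/24")

# Constructed flow records: "timestamp src_ip dst_ip dst_port action"
SAMPLE_FLOWS = """\
2025-11-10T08:01:12Z 10.20.30.5 10.50.0.11 1099 ALLOW
2025-11-10T08:03:40Z 10.77.4.19 10.50.0.11 1099 ALLOW
2025-11-10T08:04:02Z 203.0.113.7 10.50.0.11 8443 DENY
2025-11-10T08:05:55Z 10.77.4.19 10.50.0.11 443 ALLOW
2025-11-10T08:09:31Z 10.50.0.11 10.60.1.8 5432 ALLOW
garbage line
"""

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETS)

def audit(flows_text):
    """Return findings as (severity, kind, src, dst, port) tuples."""
    findings = []
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing the audit
        _, src_s, dst_s, port_s, action = parts
        try:
            src, dst = ipaddress.ip_address(src_s), ipaddress.ip_address(dst_s)
            port = int(port_s)
        except ValueError:
            continue
        if dst in CC_SEGMENT and port in PROTECTED_PORTS and not is_trusted(src):
            # ALLOW: the allowlist filter is missing. DENY: it held, but was probed.
            sev = "high" if action == "ALLOW" else "info"
            findings.append((sev, PROTECTED_PORTS[port] + "-from-untrusted", src_s, dst_s, port))
        elif src in CC_SEGMENT and dst not in CC_SEGMENT and action == "ALLOW":
            # Traffic leaving the isolated segment: review against expected integrations.
            findings.append(("medium", "egress-from-cc-segment", src_s, dst_s, port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

A "high" finding means an untrusted source was allowed through to a protected port, so the filtering rule is absent or too broad; egress findings need comparing with the list of CRM and business-system integrations the contact center is expected to reach.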
2012: Cisco Unified Communications Manager Business Edition 6000 (Unified CMBE 6000)
In the summer of 2012, Cisco prepared an expanded version of the Unified Communications Manager Business Edition communication center (IP telephone exchange) for market launch. The Cisco BE 6000 is capable of serving from 100 to 1 thousand subscribers (1.2 thousand lines, 50 offices), which meets the needs of medium-sized businesses. Sales of the product in Russia are expected to begin in the fall of 2012.
"The Unified Communication Manager Business Edition hardware uses the same software core as CallManager solutions to maximize call processing for large corporations. The difference lies in the price optimized for medium-sized businesses, simplified operation of the system, as well as in the fewer subscribers served by one station," comments Pavel Teplov, Business Development Manager of Cisco's Technologies for Collaboration division in Russia/CIS.
Like the previously released Cisco BE 3000, Unified Communications Manager Business Edition 6000 supports analog, IP and video telephones, and allows software clients to be used for corporate communications (including the Cisco Jabber and Cisco WebEx multimedia and unified communications application families). The system also supports subscriber availability control (Presence), instant messaging, collaboration and conferencing on computers and laptops with Windows and Mac OS operating systems, on tablet devices and on smartphones.
The new solution makes it possible to deploy five virtual unified communications services on the basis of one platform: Unified Communications Manager (IP-PBX), Unity Connection (voice mail system), Unified Presence (subscriber availability control and instant messaging), Unified Contact Center Express (contact center for a maximum of 400 operators) and Provisioning Manager (tool for automating subscriber base management tasks).
The Unified Contact Center Express service, which allows the work of contact center operators to be organized on the basis of the BE 6000, deserves special attention. The Cisco BE 6000 is ready to serve up to 100 call center operators, and if necessary, their number can be increased to 400 by using an additional server.
"According to global statistics, 80 percent of contact centers have fewer than 100 workplaces. Thus, the Cisco BE 6000 device can be used not only as a corporate IP-PBX, but also as a full-fledged contact center," says Vladimir Dolgov, consulting engineer at Cisco Technologies for Collaboration in Russia/CIS.
2011: Cisco Unified Communications Manager Business Edition 3000 (Unified CMBE 3000)
The new IP telephone exchange Cisco Unified Communications Manager Business Edition 3000 (Unified CMBE 3000), designed for small and medium-sized businesses, entered the Russian market in November 2011. Up to 300 users and 10 offices can be connected to this device. It guarantees high-quality voice communication, has an expanded set of telephony functions, supports analog phones, allows employees' mobile phones to be used for corporate calls, and includes two ports in the solution: E1 and SIP trunks.
By upgrading to the Cisco Unified CMBE 3000, enterprises will be able to ensure continuous availability of staff anywhere, improve customer service and satisfaction, and increase productivity by sharing information more quickly and accurately.
This solution includes built-in systems for voice mail and for scheduled and on-demand conferencing. It supports call parking, call transfer and hold, and transfer of calls to employees' mobile phones. The Cisco Unified CMBE 3000 is based on a specialized MCS 7890 device that provides centralized call processing for several offices and implements the functions of auto attendant (voice menu), mobility (including for organizing remote work and providing a single number), equipment status monitoring, and data backup and recovery.
The Cisco Unified CMBE 3000 features maximum ease of management and speed of implementation. Administration is carried out through an intuitive web interface with a standard simple menu in Russian. Tasks such as configuring user and phone profiles, voice mail accounts, or even E1/SIP connections do not require special training. The solution is seamlessly integrated with personal computers, laptops, and IP softphones for PC and Mac.
