Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN772
_____________________________________________________________________

DATE                : 05/11/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unified Contact Center
                                      Express,
                     Cisco Identity Services Engine,
                     Cisco Contact Center Products.

=====================================================================
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
_____________________________________________________________________

Below is the list of Cisco Security Advisories published by Cisco
PSIRT on 2025-November-05.

The following PSIRT security advisories (1 Critical, 1 High, 2
Medium) were published at 16:00 UTC today.

Table of Contents:

1) Cisco Unified Contact Center Express Remote Code Execution
Vulnerabilities - SIR: Critical

2) Cisco Identity Services Engine RADIUS Suppression Denial of Service
Vulnerability - SIR: High

3) Multiple Cisco Contact Center Products Vulnerabilities - SIR:
Medium

4) Cisco Identity Services Engine Reflected Cross-Site Scripting
and Information Disclosure Vulnerabilities - SIR: Medium

+--------------------------------------------------------------------

1) Cisco Unified Contact Center Express Remote Code Execution
Vulnerabilities

CVE-2025-20354, CVE-2025-20358

SIR: Critical

CVSS Score v(3.1): 9.8

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ"]

+--------------------------------------------------------------------

2) Cisco Identity Services Engine RADIUS Suppression Denial of
Service Vulnerability

CVE-2025-20343

SIR: High

CVSS Score v(3.1): 8.6

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh"]

+--------------------------------------------------------------------

3) Multiple Cisco Contact Center Products Vulnerabilities

CVE-2025-20374, CVE-2025-20375, CVE-2025-20376, CVE-2025-20377

SIR: Medium

CVSS Score v(3.1): 6.5

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-mult-vuln-gK4TFXSn"]

+--------------------------------------------------------------------

4) Cisco Identity Services Engine Reflected Cross-Site Scripting
and Information Disclosure Vulnerabilities

CVE-2025-20289, CVE-2025-20303, CVE-2025-20304, CVE-2025-20305

SIR: Medium

CVSS Score v(3.1): 5.4

URL: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multiple-vulns-O9BESWJH"]


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================