Critical RCE Vulnerability in Cisco Unified Communications Products

The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code

Threat ID:: CC-4447
Threat Severity:: Medium
Published:: 1 February 2024 1:29 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

The vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code

Affected platforms

The following platforms are known to be affected:

Cisco Unified Communications Manager

Unified Communications Manager (Unified CM)
Unified Communications Manager IM & Presence Service (Unified CM IM&P)
Unified Communications Manager Session Management Edition (Unified CM SME)

The following platforms are also known to be affected:

Unified Contact Center Express (UCCX)
Unity Connection
Virtualized Voice Browser (VVB)

Threat details

Introduction

Cisco has released a security advisory to address a critical vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products. The vulnerability, CVE-2024-20253, has a CVSSv3 score of 9.9 and is due to the improper processing of user-provided data that is being read into memory.

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

Remediation advice

Affected organisations are encouraged to review the Cisco Security Advisory and apply the necessary updates.

Definitive source of threat updates

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

CVE Vulnerabilities

Status Published

CVE-2024-20253

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

Last edited: 1 February 2024 1:29 pm