Cisco fixed a critical flaw this week that affects several Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on affected devices. Medium-severity vulnerabilities have also been patched in Cisco Small Business Series Switches and Cisco Unity Connection.
The critical bug is tracked as CVE-2024-20253 and is rated 9.9 out of 10 on the CVSS severity scale. It is caused by insecure processing of user-supplied data that is loaded into memory and can be exploited by sending a specially crafted message to one of the network communication ports open on the device.
“A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,” Cisco said in its advisory. “With access to the underlying operating system, the attacker could also establish root access on the affected device.”
The CVE-2024-20253 vulnerability affects several products in their default configurations, including Unified Communications Manager (Unified CM), Unified Communications Manager IM & Presence Service (Unified CM IM&P), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Contact Center Express (UCCX), Unity Connection and Virtualized Voice Browser.
Cisco Unified Communications is a product suite that lets enterprises unify voice, video, and data communications over IP-based networks. Unified Communications Manager handles call control and session management, and Unity Connection is a unified messaging solution that lets users access messages from an email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, or tablet.
Cisco customers urged to patch products or mitigate the vulnerability
Customers are urged to deploy the released patches for all affected products as soon as possible. If they must delay patching, they should place the vulnerable devices behind firewalls or switches that enforce access control lists and allow access only to the ports required by the deployed services. Security best practices and hardening guides are available for both Cisco Unified Communications Manager and Cisco Unified ICM/Contact Center Enterprise.