Vulnslist

find the latest Cisco vulnerabilities

Cisco Unified Communications Products Remote Code Execution Vulnerability

cisco-sa-cucm-rce-bWNzQcUm · Critical · Published · Updated

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability. However, a mitigation is available.

Establish access control lists (ACLs) on intermediary devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions cluster from users and the rest of the network to allow access only to the ports of deployed services. The port list will vary depending on the voice products and services in use. Some ports are ephemeral and will change after a restart.

For more information, see the Cisco Unified Communications Manager TCP and UDP Port Usage Overview section of the System Configuration Guide for Cisco Unified Communications Manager, Release 14 and SUs https://www.cisco.com/content/en/us/td/docs/voice_ip_comm/cucm/admin/14/systemConfig/cucm_b_system-configuration-guide-14su2/cucm_m_tcp-and-udp-port-usage-12-0.html or the version that corresponds with the deployed release, or the latest Port Utilization Guide for Cisco Unified Contact Center Solutions https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_12_5_1/configuration/guide/ucce_b_port-utilization_12_5/ucce_b_port-utilization_12_5_chapter_01000.html .

Additionally, follow the best practices that are described in the latest Security Guide for Cisco Unified Communications Manager https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/14SU2/cucm_b_security-guide-14su2/cucm_m_os-hardening.html or the latest Security Guide for Cisco Unified ICM/Contact Center Enterprise https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/icm_enterprise/icm_enterprise_12_5_1/configuration/guide/ucce_b_125-security-guide/ucce_b_125-security-guide_chapter_0100.html .

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2024-20253
Cisco Bug IDsCSCwe18830, CSCwe18773, CSCwe18840, CSCwd64292, CSCwd64245, CSCwd64276
CVSS ScoreBase 9.9
Base 9.9 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Unified Contact Center Enterprise, Cisco Unity Connection, Cisco Unified Communications Manager, Cisco Unified Contact Center Express, Cisco Unified Communications Manager IM and Presence Service, Cisco Virtualized Voice Browser, Cisco Packaged Contact Center Enterprise, Cisco Unified Communications Manager / Cisco Unity Connection

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Packaged Contact Center Enterprise known_affected cisco_csaf CVE-2024-20253 1
Cisco Unified Communications Manager known_affected cisco_csaf CVE-2024-20253 1
Cisco Unified Communications Manager / Cisco Unity Connection known_affected cisco_csaf CVE-2024-20253 1
Cisco Unified Communications Manager IM and Presence Service known_affected cisco_csaf CVE-2024-20253 1
Cisco Unified Contact Center Enterprise known_affected cisco_csaf CVE-2024-20253 1
Cisco Unified Contact Center Express known_affected cisco_csaf CVE-2024-20253 1
Cisco Unity Connection known_affected cisco_csaf CVE-2024-20253 1
Cisco Virtualized Voice Browser known_affected cisco_csaf CVE-2024-20253 1

Related Products

Product CVE Evidence
Cisco Packaged Contact Center Enterprise CVE-2024-20253 Cisco OpenVuln
Cisco Unified Communications Manager CVE-2024-20253 Cisco OpenVuln
Cisco Unified Communications Manager / Cisco Unity Connection CVE-2024-20253 Cisco OpenVuln
Cisco Unified Communications Manager IM and Presence Service CVE-2024-20253 Cisco OpenVuln
Cisco Unified Contact Center CVE-2024-20253 Cisco OpenVuln
Cisco Unified Contact Center Enterprise CVE-2024-20253 Cisco OpenVuln
Cisco Unified Contact Center Express CVE-2024-20253 Cisco OpenVuln
Cisco Unity CVE-2024-20253 Cisco OpenVuln
Cisco Unity Connection CVE-2024-20253 Cisco OpenVuln
Cisco Virtualized Voice Browser CVE-2024-20253 Cisco OpenVuln