Cisco fixed a critical flaw this week that affects several Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on affected devices. Medium-severity vulnerabilities have also been patched in Cisco Small Business Series Switches and Cisco Unity Connection.
The critical bug is tracked as CVE-2024-20253 and is rated 9.9 out of 10 on the CVSS severity scale. It is caused by insecure processing of user-supplied data that is loaded into memory, and it can be exploited by sending a specially crafted message to one of the network communication ports opened on the device.
“A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,” Cisco said in its advisory. “With access to the underlying operating system, the attacker could also establish root access on the affected device.”
The CVE-2024-20253 vulnerability affects several products in their default configurations, including Unified Communications Manager (Unified CM), Unified Communications Manager IM & Presence Service (Unified CM IM&P), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Contact Center Express (UCCX), Unity Connection and Virtualized Voice Browser.
Cisco Unified Communications is a product suite for enterprises to unify voice, video, and data communications over IP-based networks. The Unified Communications Manager is used for call control and session management, and Unity Connection is a unified messaging solution that lets users access messages from an email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, or tablet.
Cisco customers urged to patch products or mitigate the vulnerability
Customers are urged to deploy the released patches for all the affected products as soon as possible, but if they need to delay patching they should place the vulnerable devices behind firewalls or switches that enforce access control lists and only allow access to the ports necessary for deployed services. Security best practices and hardening guides are available for both Cisco Unified Communications Manager and Cisco Unified ICM/Contact Center Enterprise.
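The interim mitigation above (an allowlist of only the ports the deployed services need, everything else denied) is easy to state and easy to get wrong in practice. The following is an added example, not code from Cisco or from the advisory, of the two checks an administrator would want: which observed listening ports fall outside the allowlist, and what a deny-by-default Cisco IOS extended ACL for that allowlist looks like. The service names, the port allowlist (standard protocol ports used here as assumptions), the observed-port set and the host address 192.0.2.10 are all constructed for illustration; the real allowlist comes from the features enabled on the cluster and the vendor hardening guide.

```python
# Added example: audit exposed ports against a service allowlist and emit a
# deny-by-default ACL. Not Cisco code; all data below is constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    proto: str  # "tcp" or "udp"
    port: int


# Hypothetical allowlist for one deployment. The ports are standard protocol
# ports used as assumptions; adjust to the services actually deployed.
REQUIRED_SERVICES = (
    Service("https-web-services", "tcp", 443),
    Service("sip-tls", "tcp", 5061),
    Service("sccp", "tcp", 2000),
)

# Constructed sample of (proto, port) pairs an administrator's scan found
# listening on the appliance. Not real scan data.
OBSERVED_LISTENING = {
    ("tcp", 22), ("tcp", 443), ("tcp", 2000), ("tcp", 5060),
    ("tcp", 5061), ("tcp", 8080), ("udp", 161),
}


def unneeded_exposed_ports(observed, required=REQUIRED_SERVICES):
    """Return the (proto, port) pairs that are reachable but not on the allowlist.

    Anything returned here is a port the ACL should be blocking while the
    device waits for its patch.
    """
    allowed = {(svc.proto, svc.port) for svc in required}
    return sorted(set(observed) - allowed)


def build_acl(acl_name, target_host, required=REQUIRED_SERVICES, source="any"):
    """Build IOS extended-ACL lines: one permit per required service, then a
    logged deny for everything else destined to the appliance."""
    lines = [f"ip access-list extended {acl_name}"]
    for svc in required:
        lines.append(f" remark {svc.name}")
        lines.append(f" permit {svc.proto} {source} host {target_host} eq {svc.port}")
    # Deny-by-default with logging so unexpected access attempts are visible.
    lines.append(f" deny ip any host {target_host} log")
    return lines


if __name__ == "__main__":
    for proto, port in unneeded_exposed_ports(OBSERVED_LISTENING):
        print(f"exposed but not required: {proto}/{port}")
    print("\n".join(build_acl("UC-INBOUND", "192.0.2.10")))
```

The generated ACL still has to be applied inbound on the interface or firewall zone facing the users (for example with `ip access-group UC-INBOUND in` on an IOS interface), and the `source` argument should be narrowed from `any` to the phone and administrator subnets where the deployment allows it. The logged deny line is what turns the ACL from a silent block into a detection point.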