Cisco Unified Communications and Contact Center Solutions Vulnerability: Arbitrary Code Execution
Key Information
- Vendor: Cisco
- Status
- Cisco Unified Contact Center Enterprise
- Cisco Unity Connection
- Cisco Unified Communications Manager
- Cisco Unified Contact Center Express
- Vendor
- CVE Published: 26 January 2024
Summary
CVE-2024-20253 is a critical remote code execution vulnerability in Cisco Unified Communications Manager and Contact Center Solutions products, with a high CVSS score of 9.9. It allows an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. The affected products include Unified Communications Manager, Unified CM IM & Presence, Unified CM Session Management Edition, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser. There are no workarounds; organizations are advised to apply security updates as soon as possible and to establish access control lists to separate vulnerable products from their networks. There is no known exploitation in the wild by ransomware groups, but taking the necessary security precautions is recommended to prevent any potential exploitation.
Affected Version(s)
Cisco Unified Contact Center Enterprise =
Cisco Unity Connection = 12.0(1)SU1
Cisco Unity Connection = 12.0(1)SU2
News Articles
How To Fix CVE-2024-20253 In Cisco Products – CyberIQs
Identified as CVE-2024-20253, a new critical Remote Code Execution (RCE) vulnerability has been revealed, posing a significant threat to Cisco Unified
10 months ago
Unmasking CVE-2024-20253 - Critical-Risk RCE Vulnerability in Cisco Unified Communications Systems - OP INNOVATE
The critical flaw CVE-2024-20253 in Cisco's systems presents a severe threat, allowing unauthenticated remote code execution. With a high severity score, it impacts multiple Cisco products, necessitating immediate patch application or, alternatively, the implementation of ACLs for interim protection.
10 months ago
CVE-2024-20253: Cisco Unified Comms Remote Code Execution Vulnerability
A critical remote code execution vulnerability was found in Cisco Unified Comms products. Check out this blog to learn about Cisco CVE-2024-20253 vulnerability.
10 months ago
CVSS V3.1
Timeline
- Exploit exists.
- Vulnerability started trending.
- Vulnerability published.
- First article discovered by Penetration Testing.
- Vulnerability reserved.