A cybersecurity researcher has discovered a vulnerability in several of Cisco’s Unified Communications Manager and Contact Center Solutions products. The maximum severity vulnerability, designated CVE-2024-20253 and given a CVSS rating of 9.8/10, is caused by improper processing of user-provided data read into memory.
When exploited, this could allow an unauthenticated, remote threat actor to execute arbitrary code simply by sending a specially crafted message to the vulnerable device.
Cisco has not observed any exploitation of the vulnerability in the wild.
Cisco has advised users of the affected products to install the latest security patches as soon as possible. Until the patches can be applied, users are advised to implement strict Access Control Lists (ACLs) on the network devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions appliances from users and the rest of the network, so that only the hosts and protocols that legitimately need to reach the appliances can do so.
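The following is an added example of the interim ACL mitigation described above; it is not taken from the Field Effect brief or from Cisco's advisory. It is written as a Cisco IOS extended ACL, and every address, interface name and port is an assumption constructed for illustration: the appliance subnet, phone VLANs and administrator subnet are made up, and the permitted ports reflect common voice signalling and management services rather than a list of what CVE-2024-20253 exposes, which the page does not give.

```cisco
! Added example, not from the original brief or Cisco's advisory.
! Assumed (constructed) addressing:
!   10.10.10.0/24  Unified CM / Contact Center appliance subnet
!   10.20.0.0/16   IP phone VLANs
!   10.99.1.0/24   voice administrators' management subnet
! Replace the port list with the services your deployment actually uses.
ip access-list extended PROTECT-UC-APPLIANCES
 remark --- administrators: HTTPS admin pages and SSH only ---
 permit tcp 10.99.1.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 443
 permit tcp 10.99.1.0 0.0.0.255 10.10.10.0 0.0.0.255 eq 22
 remark --- phones: config download and call signalling (assumed ports) ---
 permit udp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 69
 permit tcp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 5060
 permit tcp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 5061
 permit udp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 5060
 permit tcp 10.20.0.0 0.0.255.255 10.10.10.0 0.0.0.255 eq 2000
 remark --- anything else aimed at the appliances is dropped and logged ---
 deny   ip any 10.10.10.0 0.0.0.255 log
 remark --- traffic not destined for the appliances is unaffected ---
 permit ip any any
!
! Apply inbound on every interface through which user or server
! traffic enters on its way to the appliance subnet (name assumed).
interface Vlan200
 description user and server networks
 ip access-group PROTECT-UC-APPLIANCES in
```

Two points worth keeping in mind when adapting this: a real deployment usually needs additional permits (media ports for music-on-hold and conferencing, LDAP or AXL integrations, backup and monitoring hosts), so build the list from the flows observed in the environment rather than from this example; and the logged deny line is a useful detection source while the ACL is in place, since any host outside the permitted groups that starts probing the appliance subnet will show up in the device's log output.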
Source: Bleeping Computer
Analysis
Given that Cisco's Unified Communications and Contact Center Solutions products help provide organizations with voice, video, messaging, and customer management services, any disruption of these appliances would have a significant impact on a company’s operations and the confidentiality of its data.
Fortunately, this vulnerability was proactively discovered and responsibly disclosed to the vendor by a security researcher. This will no doubt limit the overall impact this threat has on affected Cisco devices as threat actors will have a small window to develop and deploy an exploit against vulnerable appliances.
Mitigation
Field Effect’s elite team of Security Intelligence professionals constantly monitors the cyber threat landscape for vulnerabilities discovered in software, appliances and operating systems. This research contributes to the timely deployment of signatures into Covalence to detect and mitigate the exploitation of these vulnerabilities. Covalence users are automatically notified when vulnerable software is detected in their environment and are encouraged to review these AROs as quickly as possible via the Covalence portal.
Field Effect strongly encourages users of affected Cisco products to install the latest security patch as soon as possible per Cisco’s advisory.