www.belgium.be Logo of the federal government

WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY!

Referentie: 
Advisory #2024-14
Versie: 
1.0
Geïmpacteerde software: 
Packaged Contact Center Enterprise (PCCE)
Unified Communications Manager (Unified CM)
Unified Communications Manager IM & Presence Service (Unified CM IM&P)
Unified Communications Manager Session Management Edition (Unified CM SME)
Unified Contact Center Enterprise (UCCE)
Unified Contact Center Express (UCCX)
Unity Connection
Virtualized Voice Browser (VVB)
Type: 
Remote code execution
CVE/CVSS: 

CVE-2024-20253
CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H)

Bronnen

Risico’s

CVE-2024-20253 is a vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The impact on Integrity and Availability is Low, but the vulnerability has a High impact on Availability. The Attack Complexity is Low and there is no User Interaction required to exploit the vulnerability.

Beschrijving

As explained in the Cisco advisory: ‘An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.’

At the time of writing, Cisco has reported that there is no evidence that CVE-2024-20253 has been exploited in the wild.

Aanbevolen acties

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Cisco has released free software updates that address the vulnerability. Please see the Cisco advisory for more information.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

Referenties