Lucene search
HistoryJan 26, 2024 - 6:15 p.m.
CVE-2024-20253
cve-2024-20253
cisco
unified communications
contact center
vulnerability
remote execution
arbitrary code
memory processing
nvd
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.1%
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
Affected configurations
Node
ciscounified_communications_managerRange<12.5\(1\)su8-
ORciscounified_communications_managerRange14.0–14su3
Node
ciscounified_communications_managerRange<12.5\(1\)su8session_management
ORciscounified_communications_managerRange14.0–14su3session_management
Node
ciscounified_communications_manager_im_and_presence_serviceRange<12.5\(1\)su8
ORciscounified_communications_manager_im_and_presence_serviceRange14.0–14.0su3
Node
ciscounity_connectionRange<12.5\(1\)su8
ORciscounity_connectionRange14.0–14su3
Node
ciscounified_contact_center_expressMatch12.5\(1\)-
Node
ciscovirtualized_voice_browserMatch12.5\(1\)
ORciscovirtualized_voice_browserMatch12.6\(1\)
ORciscovirtualized_voice_browserMatch12.6\(2\)
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco Unified Contact Center Enterprise",
"versions": [
{
"version": "N/A",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Unity Connection",
"versions": [
{
"version": "12.0(1)SU1",
"status": "affected"
},
{
"version": "12.0(1)SU2",
"status": "affected"
},
{
"version": "12.0(1)SU3",
"status": "affected"
},
{
"version": "12.0(1)SU4",
"status": "affected"
},
{
"version": "12.0(1)SU5",
"status": "affected"
},
{
"version": "12.5(1)",
"status": "affected"
},
{
"version": "12.5(1)SU1",
"status": "affected"
},
{
"version": "12.5(1)SU2",
"status": "affected"
},
{
"version": "12.5(1)SU3",
"status": "affected"
},
{
"version": "12.5(1)SU4",
"status": "affected"
},
{
"version": "12.5(1)SU5",
"status": "affected"
},
{
"version": "12.5(1)SU6",
"status": "affected"
},
{
"version": "12.5(1)SU7",
"status": "affected"
},
{
"version": "14",
"status": "affected"
},
{
"version": "14SU1",
"status": "affected"
},
{
"version": "14SU2",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Unified Communications Manager",
"versions": [
{
"version": "12.0(1)SU1",
"status": "affected"
},
{
"version": "12.0(1)SU2",
"status": "affected"
},
{
"version": "12.0(1)SU3",
"status": "affected"
},
{
"version": "12.0(1)SU4",
"status": "affected"
},
{
"version": "12.0(1)SU5",
"status": "affected"
},
{
"version": "12.5(1)",
"status": "affected"
},
{
"version": "12.5(1)SU1",
"status": "affected"
},
{
"version": "12.5(1)SU2",
"status": "affected"
},
{
"version": "12.5(1)SU3",
"status": "affected"
},
{
"version": "12.5(1)SU4",
"status": "affected"
},
{
"version": "12.5(1)SU5",
"status": "affected"
},
{
"version": "12.5(1)SU6",
"status": "affected"
},
{
"version": "12.5(1)SU7",
"status": "affected"
},
{
"version": "12.5(1)SU7a",
"status": "affected"
},
{
"version": "14",
"status": "affected"
},
{
"version": "14SU1",
"status": "affected"
},
{
"version": "14SU2",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Unified Contact Center Express",
"versions": [
{
"version": "8.5(1)",
"status": "affected"
},
{
"version": "9.0(2)SU3ES04",
"status": "affected"
},
{
"version": "10.0(1)SU1",
"status": "affected"
},
{
"version": "10.0(1)SU1ES04",
"status": "affected"
},
{
"version": "10.5(1)",
"status": "affected"
},
{
"version": "10.5(1)SU1",
"status": "affected"
},
{
"version": "10.5(1)SU1ES10",
"status": "affected"
},
{
"version": "10.6(1)",
"status": "affected"
},
{
"version": "10.6(1)SU1",
"status": "affected"
},
{
"version": "10.6(1)SU3",
"status": "affected"
},
{
"version": "10.6(1)SU2",
"status": "affected"
},
{
"version": "10.6(1)SU3ES03",
"status": "affected"
},
{
"version": "10.6(1)SU2ES04",
"status": "affected"
},
{
"version": "10.6(1)SU3ES02",
"status": "affected"
},
{
"version": "10.6(1)SU3ES01",
"status": "affected"
},
{
"version": "11.0(1)SU1",
"status": "affected"
},
{
"version": "11.0(1)SU1ES03",
"status": "affected"
},
{
"version": "11.0(1)SU1ES02",
"status": "affected"
},
{
"version": "11.5(1)SU1",
"status": "affected"
},
{
"version": "11.5(1)SU1ES02",
"status": "affected"
},
{
"version": "11.5(1)SU1ES01",
"status": "affected"
},
{
"version": "11.5(1)SU1ES03",
"status": "affected"
},
{
"version": "11.5(1)ES01",
"status": "affected"
},
{
"version": "12.0(1)",
"status": "affected"
},
{
"version": "12.0(1)ES01",
"status": "affected"
},
{
"version": "12.0(1)ES03",
"status": "affected"
},
{
"version": "12.0(1)ES04",
"status": "affected"
},
{
"version": "12.0(1)ES02",
"status": "affected"
},
{
"version": "12.5(1)",
"status": "affected"
},
{
"version": "12.5(1)SU1",
"status": "affected"
},
{
"version": "12.5(1)SU2",
"status": "affected"
},
{
"version": "12.5(1)SU3",
"status": "affected"
},
{
"version": "12.5(1)_SU01_ES03",
"status": "affected"
},
{
"version": "12.5(1)ES03",
"status": "affected"
},
{
"version": "12.5(1)_SU01_ES01",
"status": "affected"
},
{
"version": "12.5(1)_SU02_ES02",
"status": "affected"
},
{
"version": "12.5(1)_SU01_ES02",
"status": "affected"
},
{
"version": "12.5(1)_SU02_ES03",
"status": "affected"
},
{
"version": "12.5(1)ES01",
"status": "affected"
},
{
"version": "12.5(1)_SU02_ES01",
"status": "affected"
},
{
"version": "12.5(1)ES02",
"status": "affected"
},
{
"version": "12.5(1)_SU03_ES01",
"status": "affected"
},
{
"version": "12.5(1)_SU02_ES04",
"status": "affected"
},
{
"version": "12.5(1)_SU03_ES02",
"status": "affected"
},
{
"version": "12.5(1)_SU03_ES03",
"status": "affected"
},
{
"version": "12.5(1)_SU03_ES04",
"status": "affected"
},
{
"version": "11.6(1)",
"status": "affected"
},
{
"version": "11.6(2)",
"status": "affected"
},
{
"version": "11.6(1)ES01",
"status": "affected"
},
{
"version": "11.6(2)ES06",
"status": "affected"
},
{
"version": "11.6(1)ES02",
"status": "affected"
},
{
"version": "11.6(2)ES01",
"status": "affected"
},
{
"version": "11.6(2)ES03",
"status": "affected"
},
{
"version": "11.6(2)ES07",
"status": "affected"
},
{
"version": "11.6(2)ES08",
"status": "affected"
},
{
"version": "11.6(2)ES02",
"status": "affected"
},
{
"version": "11.6(2)ES05",
"status": "affected"
},
{
"version": "11.6(2)ES04",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Unified Communications Manager IM and Presence Service",
"versions": [
{
"version": "10.5(1)",
"status": "affected"
},
{
"version": "10.5(2)",
"status": "affected"
},
{
"version": "10.5(2a)",
"status": "affected"
},
{
"version": "10.5(2b)",
"status": "affected"
},
{
"version": "10.5(2)SU3",
"status": "affected"
},
{
"version": "10.5(2)SU2a",
"status": "affected"
},
{
"version": "10.5(2)SU4a",
"status": "affected"
},
{
"version": "10.5(2)SU4",
"status": "affected"
},
{
"version": "10.5(1)SU3",
"status": "affected"
},
{
"version": "10.5(1)SU1",
"status": "affected"
},
{
"version": "10.5(2)SU1",
"status": "affected"
},
{
"version": "10.5(2)SU2",
"status": "affected"
},
{
"version": "10.5(1)SU2",
"status": "affected"
},
{
"version": "11.5(1)",
"status": "affected"
},
{
"version": "11.5(1)SU1",
"status": "affected"
},
{
"version": "11.5(1)SU2",
"status": "affected"
},
{
"version": "11.5(1)SU3",
"status": "affected"
},
{
"version": "11.5(1)SU3a",
"status": "affected"
},
{
"version": "11.5(1)SU4",
"status": "affected"
},
{
"version": "11.5(1)SU5",
"status": "affected"
},
{
"version": "11.5(1)SU5a",
"status": "affected"
},
{
"version": "11.5(1)SU6",
"status": "affected"
},
{
"version": "11.5(1)SU7",
"status": "affected"
},
{
"version": "11.5(1)SU8",
"status": "affected"
},
{
"version": "11.5(1)SU9",
"status": "affected"
},
{
"version": "11.5(1)SU10",
"status": "affected"
},
{
"version": "11.5(1)SU11",
"status": "affected"
},
{
"version": "11.0(1)",
"status": "affected"
},
{
"version": "11.0(1)SU1",
"status": "affected"
},
{
"version": "12.5(1)",
"status": "affected"
},
{
"version": "12.5(1)SU1",
"status": "affected"
},
{
"version": "12.5(1)SU2",
"status": "affected"
},
{
"version": "12.5(1)SU3",
"status": "affected"
},
{
"version": "12.5(1)SU4",
"status": "affected"
},
{
"version": "12.5(1)SU5",
"status": "affected"
},
{
"version": "12.5(1)SU6",
"status": "affected"
},
{
"version": "12.5(1)SU7",
"status": "affected"
},
{
"version": "14",
"status": "affected"
},
{
"version": "14SU1",
"status": "affected"
},
{
"version": "14SU2",
"status": "affected"
},
{
"version": "14SU2a",
"status": "affected"
},
{
"version": "10.0(1)",
"status": "affected"
},
{
"version": "10.0(1)SU1",
"status": "affected"
},
{
"version": "10.0(1)SU2",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Virtualized Voice Browser",
"versions": [
{
"version": "11.0(1)",
"status": "affected"
},
{
"version": "11.5(1)",
"status": "affected"
},
{
"version": "11.5(1)ES29",
"status": "affected"
},
{
"version": "11.5(1)ES32",
"status": "affected"
},
{
"version": "11.5(1)_ES43",
"status": "affected"
},
{
"version": "11.5(1)_ES54",
"status": "affected"
},
{
"version": "11.5(1)_ES27",
"status": "affected"
},
{
"version": "11.5(1)ES36",
"status": "affected"
},
{
"version": "11.5(1)_ES32",
"status": "affected"
},
{
"version": "11.5(1)_ES29",
"status": "affected"
},
{
"version": "11.5(1)_ES36",
"status": "affected"
},
{
"version": "11.5(1)ES43",
"status": "affected"
},
{
"version": "11.5(1)_ES53",
"status": "affected"
},
{
"version": "11.5(1)ES27",
"status": "affected"
},
{
"version": "11.6(1)",
"status": "affected"
},
{
"version": "11.6(1)_ES82",
"status": "affected"
},
{
"version": "11.6(1)_ES22",
"status": "affected"
},
{
"version": "11.6(1)_ES81",
"status": "affected"
},
{
"version": "11.6(1)_ES87",
"status": "affected"
},
{
"version": "11.6(1)_ES84",
"status": "affected"
},
{
"version": "11.6(1)_ES85",
"status": "affected"
},
{
"version": "11.6(1)_ES83",
"status": "affected"
},
{
"version": "11.6(1)_ES80",
"status": "affected"
},
{
"version": "11.6(1)_ES86",
"status": "affected"
},
{
"version": "11.6(1)_ES88",
"status": "affected"
},
{
"version": "12.5(1)_ES04",
"status": "affected"
},
{
"version": "12.5(1)_ES07",
"status": "affected"
},
{
"version": "12.5(1)_ES02",
"status": "affected"
},
{
"version": "12.5(1)",
"status": "affected"
},
{
"version": "12.5(1)_ES08",
"status": "affected"
},
{
"version": "12.5(1)_ES03",
"status": "affected"
},
{
"version": "12.5(1)_ES06",
"status": "affected"
},
{
"version": "12.5(1)_ES09",
"status": "affected"
},
{
"version": "12.5(1)_ES14",
"status": "affected"
},
{
"version": "12.5(1)SU",
"status": "affected"
},
{
"version": "12.5(1)_ES15",
"status": "affected"
},
{
"version": "12.5(1)_SU",
"status": "affected"
},
{
"version": "12.5(1)_SU_ES01",
"status": "affected"
},
{
"version": "12.5(1)_ES11",
"status": "affected"
},
{
"version": "12.5(1)_ES12",
"status": "affected"
},
{
"version": "12.5(2)_ET",
"status": "affected"
},
{
"version": "12.5(1)_SU_ES02",
"status": "affected"
},
{
"version": "12.5(1)_ES10",
"status": "affected"
},
{
"version": "12.0(1)",
"status": "affected"
},
{
"version": "12.0(1)_ES02",
"status": "affected"
},
{
"version": "12.0(1)_ES01",
"status": "affected"
},
{
"version": "12.0(1)_ES06",
"status": "affected"
},
{
"version": "12.0(1)_ES07",
"status": "affected"
},
{
"version": "12.0(1)_ES05",
"status": "affected"
},
{
"version": "12.0(1)_ES04",
"status": "affected"
},
{
"version": "12.0(1)_ES03",
"status": "affected"
},
{
"version": "12.0(1)_ES08",
"status": "affected"
},
{
"version": "12.6(1)",
"status": "affected"
},
{
"version": "12.6(1)_ES04",
"status": "affected"
},
{
"version": "12.6(1)_ES03",
"status": "affected"
},
{
"version": "12.6(1)_ES09",
"status": "affected"
},
{
"version": "12.6(1)_ES06",
"status": "affected"
},
{
"version": "12.6(1)_ES08",
"status": "affected"
},
{
"version": "12.6(1)_ES05",
"status": "affected"
},
{
"version": "12.6(2)_ES03",
"status": "affected"
},
{
"version": "12.6(1)_ES02",
"status": "affected"
},
{
"version": "12.6(1)_ES01",
"status": "affected"
},
{
"version": "12.6(2)",
"status": "affected"
},
{
"version": "12.6(2)_ET01",
"status": "affected"
},
{
"version": "12.6(2)_ES02",
"status": "affected"
},
{
"version": "12.6(2)_ES01",
"status": "affected"
},
{
"version": "12.6(1)_ES07",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Packaged Contact Center Enterprise",
"versions": [
{
"version": "10.5(1)",
"status": "affected"
},
{
"version": "10.5(2)",
"status": "affected"
},
{
"version": "10.5(1)_ES7",
"status": "affected"
},
{
"version": "10.5(2)_ES8",
"status": "affected"
},
{
"version": "11.0(1)",
"status": "affected"
},
{
"version": "11.0(2)",
"status": "affected"
},
{
"version": "11.5(1)",
"status": "affected"
},
{
"version": "11.6(1)",
"status": "affected"
},
{
"version": "11.6(2)",
"status": "affected"
},
{
"version": "12.0(1)",
"status": "affected"
},
{
"version": "12.5(1)",
"status": "affected"
},
{
"version": "12.5(2)",
"status": "affected"
},
{
"version": "12.6(1)",
"status": "affected"
},
{
"version": "12.6(2)",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"versions": [
{
"version": "10.5(2)SU10",
"status": "affected"
},
{
"version": "10.5(1)",
"status": "affected"
},
{
"version": "10.5(1)SU1",
"status": "affected"
},
{
"version": "10.5(1)SU1a",
"status": "affected"
},
{
"version": "10.5(2)",
"status": "affected"
},
{
"version": "10.5(2)SU1",
"status": "affected"
},
{
"version": "10.5(2)SU2",
"status": "affected"
},
{
"version": "10.5(2)SU3",
"status": "affected"
},
{
"version": "10.5(2)SU4",
"status": "affected"
},
{
"version": "10.5(2)SU5",
"status": "affected"
},
{
"version": "10.5(2)SU6",
"status": "affected"
},
{
"version": "10.5(2)SU7",
"status": "affected"
},
{
"version": "10.5(2)SU8",
"status": "affected"
},
{
"version": "10.5(2)SU9",
"status": "affected"
},
{
"version": "10.5(2)SU2a",
"status": "affected"
},
{
"version": "10.5(2)SU3a",
"status": "affected"
},
{
"version": "10.5(2)SU4a",
"status": "affected"
},
{
"version": "10.5(2)SU6a",
"status": "affected"
},
{
"version": "11.0(1)",
"status": "affected"
},
{
"version": "11.0(1a)",
"status": "affected"
},
{
"version": "11.0(1a)SU1",
"status": "affected"
},
{
"version": "11.0(1a)SU2",
"status": "affected"
},
{
"version": "11.0(1a)SU3",
"status": "affected"
},
{
"version": "11.0(1a)SU3a",
"status": "affected"
},
{
"version": "11.0(1a)SU4",
"status": "affected"
},
{
"version": "11.0.1",
"status": "affected"
},
{
"version": "11.0.2",
"status": "affected"
},
{
"version": "11.0.5",
"status": "affected"
},
{
"version": "11.5(1)",
"status": "affected"
},
{
"version": "11.5(1)SU1",
"status": "affected"
},
{
"version": "11.5(1)SU2",
"status": "affected"
},
{
"version": "11.5(1)SU3",
"status": "affected"
},
{
"version": "11.5(1)SU3a",
"status": "affected"
},
{
"version": "11.5(1)SU3b",
"status": "affected"
},
{
"version": "11.5(1)SU4",
"status": "affected"
},
{
"version": "11.5(1)SU5",
"status": "affected"
},
{
"version": "11.5(1)SU6",
"status": "affected"
},
{
"version": "11.5(1)SU7",
"status": "affected"
},
{
"version": "11.5(1)SU8",
"status": "affected"
},
{
"version": "11.5(1)SU9",
"status": "affected"
},
{
"version": "11.5(1)SU10",
"status": "affected"
},
{
"version": "11.5(1)SU11",
"status": "affected"
},
{
"version": "10.0(1)SU2",
"status": "affected"
},
{
"version": "10.0(1)",
"status": "affected"
},
{
"version": "10.0(1)SU1",
"status": "affected"
}
]
}
]References
Social References
More
Related
nessus
nessus
Cisco Unity Connection RCE (cisco-sa-cucm-rce-bWNzQcUm)
2024-01-25 00:00:00
Cisco Unified Communications Manager RCE (cisco-sa-cucm-rce-bWNzQcUm)
2024-01-25 00:00:00
cisco
cisco
Cisco Unified Communications Products Remote Code Execution Vulnerability
2024-01-24 16:00:00
prion
prion
Input validation
2024-01-26 18:15:00
cvelist
cvelist
CVE-2024-20253
2024-01-26 17:28:30
nvd
nvd
CVE-2024-20253
2024-01-26 18:15:10
thn
thn
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
2024-01-26 05:13:00
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
53.1%
Related for CVE-2024-20253