CVE-2024-20253: Cisco Unified Comms Remote Code Execution Vulnerability

On January 24, 2024, Cisco disclosed a remote code execution vulnerability that affects Cisco Unified Communications Manager and Contact Center Solutions products [1]. The CVE-2024-20253 vulnerability has a CVSS score of 9.9 (Critical). Cisco recommended that organizations apply security updates to address the vulnerability.

In this blog, we explain the Cisco CVE-2024-20253 Remote Code Execution vulnerability and how organizations can defend against CVE-2024-20253 attacks.

Cisco CVE-2024-20253 Remote Code Execution Vulnerability Explained

Cisco Unified Communications Manager (CM) is a comprehensive suite of solutions designed to facilitate communication and collaboration within organizations. Unified CM integrates various communication channels, such as voice, video, messaging, and conferencing, into a unified platform. Cisco Contact Center Solutions is a comprehensive suite of products and services designed to enhance customer service within organizations. Similar to Unified CM, Cisco Contact Center Solutions streamlines customer interactions across various communication channels, including voice calls, emails, chat, social media, and SMS.

On January 24, 2024, Cisco disclosed a remote code execution vulnerability affecting both Cisco Unified Communications Manager and Contact Center Solutions. The CVE-2024-20253 vulnerability allows an unauthenticated adversary to execute arbitrary commands remotely on a vulnerable system. The vulnerability is caused by the improper processing of user-provided data that is being read into memory. Adversaries may exploit the CVE-2024-20253 vulnerability by sending a malicious payload to a listening port of an affected product, and the payload would be executed with the privileges of the web services user. Adversaries may use this access to elevate their privileges to root. The affected products are listed below.

| Affected Product | Affected Versions |
|---|---|
| Packaged Contact Center Enterprise (PCCE) | 12.0 and earlier, 12.5(1), 12.5(2) |
| Unified Communications Manager (Unified CM & Unified CM SME) | 11.5, 12.5(1), 14 |
| Unified Communications Manager IM & Presence Service (Unified CM IM&P) | 11.5(1), 12.5(1), 14 |
| Unified Contact Center Enterprise (UCCE) | 12.0 and earlier, 12.5(1), 12.5(2) |
| Unified Contact Center Express (UCCX) | 12.0 and earlier, 12.5(1) |
| Unity Connection | 11.5(1), 12.5(1), 14 |
| Virtualized Voice Browser (VVB) | 12.0 and earlier, 12.5(1), 12.5(2) |

The vulnerability has a CVSS score of 9.9 (Critical) and has no workaround. Organizations are advised to apply security updates as soon as possible. As for mitigation, Cisco suggested organizations establish access control lists (ACLs) to separate vulnerable products from the rest of the network and only allow access to ports of deployed services.
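To check that an ACL actually follows this guidance, the sketch below audits permit entries against an allowlist of deployed service ports. It is an added example, not code from Cisco or from the original post. The addresses, port numbers and the `UC-PROTECT` ACL are constructed placeholders, only a simplified subset of IOS extended ACL syntax is parsed, and each entry is checked on its own without modelling first-match ordering.

```python
import ipaddress
import re

# Constructed sample data (placeholder addresses and ports, not from the advisory).
UC_HOSTS = ["192.0.2.10", "192.0.2.11"]
DEPLOYED = {("tcp", 443), ("tcp", 5061)}  # assumed: services actually in use
SAMPLE_ACL = """\
ip access-list extended UC-PROTECT
 permit tcp 198.51.100.0 0.0.0.255 host 192.0.2.10 eq 443
 permit tcp any host 192.0.2.10 eq 5061
 permit tcp any host 192.0.2.11 range 8000 8100
 permit ip any 192.0.2.0 0.0.0.255
 permit udp any host 203.0.113.7 eq 53
 deny ip any any
"""

ADDR = r"(?:any|host\s+\S+|\S+\s+\S+)"
RULE = re.compile(
    rf"^\s*permit\s+(?P<proto>ip|tcp|udp)\s+{ADDR}\s+(?P<dst>{ADDR})"
    r"(?:\s+(?:eq\s+(?P<eq>\d+)|range\s+(?P<lo>\d+)\s+(?P<hi>\d+)))?\s*$")

def dst_covers(dst, host):
    """True if an ACL destination spec (any / host A / A WILDCARD) matches host."""
    parts = dst.split()
    if parts[0] == "any":
        return True
    if parts[0] == "host":
        return parts[1] == host
    net, wild = (int(ipaddress.IPv4Address(p)) for p in parts)
    return (int(ipaddress.IPv4Address(host)) & ~wild) == (net & ~wild)

def audit(acl_text, uc_hosts=UC_HOSTS, deployed=DEPLOYED):
    """Return (rule, host, reason) for permits wider than the deployed services."""
    findings = []
    for line in acl_text.splitlines():
        m = RULE.match(line)
        if not m:
            if line.split()[:1] == ["permit"]:  # never skip a permit silently
                findings.append((line.strip(), None, "unparsed permit, review manually"))
            continue
        proto = m["proto"]
        if proto == "ip" or not (m["eq"] or m["lo"]):
            reason = "no port restriction"
        else:
            lo, hi = (int(m["eq"]),) * 2 if m["eq"] else (int(m["lo"]), int(m["hi"]))
            extra = [p for p in range(lo, hi + 1) if (proto, p) not in deployed]
            reason = f"{len(extra)} undeployed {proto} port(s) in {lo}-{hi}" if extra else None
        if reason:
            findings += [(line.strip(), h, reason) for h in uc_hosts if dst_covers(m["dst"], h)]
    return findings
```

On the constructed ACL, `audit(SAMPLE_ACL)` flags the port range toward 192.0.2.11 and the subnet-wide `permit ip` entry for both hosts, and ignores the rule whose destination is not a Unified Communications host.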

References

[1] “Cisco Security Advisory: Cisco Unified Communications Products Remote Code Execution Vulnerability,” Cisco, Jan. 25, 2024. Available: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm. [Accessed: Jan. 26, 2024]