A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Cisco
  • Virtualized Voice Browser
  • Unified Contact Center Express
  • Unity Connection
  • Unified Communications Manager Im And Presence Service
  • Unified Communications Manager

Configuration 1 [-]

OR cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*

Configuration 3 [-]

OR cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:a:cisco:unified_contact_center_express:12.5\(1\):-:*:*:*:*:*:*

Configuration 6 [-]

OR cpe:2.3:a:cisco:virtualized_voice_browser:12.5\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:virtualized_voice_browser:12.6\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:virtualized_voice_browser:12.6\(2\):*:*:*:*:*:*:*
References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm Issue Tracking Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2024-01-26T17:28:30.761Z

Updated: 2024-02-02T15:42:33.881Z

Reserved: 2023-11-08T15:08:07.622Z

Link: CVE-2024-20253

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2024-01-26T18:15:10.970

Modified: 2024-02-02T16:15:53.893

Link: CVE-2024-20253

JSON object: View

cve-icon Redhat Information

No data.

CWE