{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-015.pdf"
    },
    "title": "Remote Code Execution Vulnerability in Cisco Products",
    "serial_number": "2024-015",
    "publish_date": "29-01-2024 15:41:07",
    "description": "On January 24, 2024, Cisco disclosed a critical vulnerability in multiple the Unified Communications and Contact Center Solutions products. This vulnerability, tracked as \"CVE-2024-20253\" with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.<br>\n",
    "url_title": "2024-015",
    "content_markdown": "---\ntitle: 'Remote Code Execution Vulnerability in\u00a0Cisco\u00a0Products'\nnumber: '2024-015'\nversion: '1.0'\noriginal_date: 'January 24, 2024'\ndate: 'January 29, 2024'\n---\n\n_History:_\n\n* _29/01/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn January 24, 2024, Cisco disclosed a critical vulnerability in multiple the Unified Communications and Contact Center Solutions products [1]. This vulnerability, tracked as `CVE-2024-20253` with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.\n\n# Technical Details\n\nThis vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.\n\n# Affected Products\n\nThis vulnerability affects the following Cisco products in the default configuration [2]:\n\n- Unified Communications Manager (Unified CM), versions 11.5, 12.5(1), and 14. \n- Unified Communications Manager IM & Presence Service (Unified CM IM&P), versions 11.5(1), 12.5(1), and 14.\n- Unified Communications Manager Session Management Edition (Unified CM SME), versions 11.5, 12.5(1), and 14. \n- Unified Contact Center Express (UCCX), versions 12.0 and earlier and 12.5(1).\n- Unity Connection, versions 11.5(1), 12.5(1), and 14.\n- Virtualized Voice Browser (VVB), versions 12.0 and earlier, 12.5(1), and 12.5(2).\n\n# Recommendations\n\nCERT-EU recommends updating to the latest version of the affected product as soon as possible to mitigate this vulnerability [2].\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-flaw-in-communications-software/>\n\n[2] <https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>29/01/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On January 24, 2024, Cisco disclosed a critical vulnerability in multiple the Unified Communications and Contact Center Solutions products [1]. This vulnerability, tracked as <code>CVE-2024-20253</code> with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.</p><h2 id=\"technical-details\">Technical Details</h2><p>This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.</p><h2 id=\"affected-products\">Affected Products</h2><p>This vulnerability affects the following Cisco products in the default configuration [2]:</p><ul><li>Unified Communications Manager (Unified CM), versions 11.5, 12.5(1), and 14. </li><li>Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), versions 11.5(1), 12.5(1), and 14.</li><li>Unified Communications Manager Session Management Edition (Unified CM SME), versions 11.5, 12.5(1), and 14. </li><li>Unified Contact Center Express (UCCX), versions 12.0 and earlier and 12.5(1).</li><li>Unity Connection, versions 11.5(1), 12.5(1), and 14.</li><li>Virtualized Voice Browser (VVB), versions 12.0 and earlier, 12.5(1), and 12.5(2).</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends updating to the latest version of the affected product as soon as possible to mitigate this vulnerability [2].</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-flaw-in-communications-software/\">https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-flaw-in-communications-software/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}