Cisco: Critical Flaw Exposes Unified Communications Systems to Remote Code Execution

by | Jan 26, 2024 | News





Cisco has issued a series of crucial patches to remedy a severe security vulnerability impacting its Unified Communications and Contact Center Solutions products. This critical flaw, identified as CVE-2024-20253 with a CVSS score of 9.9, arises from improper processing of user-provided data. In the event of exploitation, an unauthenticated remote attacker could execute arbitrary code on the affected device, potentially leading to unauthorized access to the underlying operating system.

The discovery and reporting of CVE-2024-20253 are credited to Julien Egloff, a security researcher at Synacktiv.

The affected products include:

  • Unified Communications Manager
  • Unified Communications Manager IM & Presence Service
  • Unified Communications Manager Session Management Edition
  • Unified Contact Center Express
  • Unity Connection
  • Virtualized Voice Browser


Successful exploitation could allow an attacker to execute arbitrary commands on the operating system with the privileges of the web services user. With that access to the underlying operating system, the attacker could also establish root access on the compromised device.

Cisco urges users to apply the provided patches promptly. While there are no immediate workarounds available, the company advises implementing access control lists (ACLs) on intermediary devices to restrict access to the vulnerable ports in cases where the update cannot be applied immediately.




This revelation follows closely on the heels of Cisco’s recent efforts to address a critical security flaw (CVE-2024-20272, CVSS score: 7.3) in Unity Connection, emphasizing the ongoing commitment to fortifying the security of its products against potential threats.


Source: thehackernews.com
