January 30, 2024

Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. The flaw is tracked as CVE-2024-20253 and has a CVSS score of 9.9. The vulnerability arises from the improper processing of user-provided data, which a threat actor could abuse by sending a specially crafted message to a listening port of a susceptible appliance.
According to a Cisco advisory, "a successful exploit of the vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
The following products are impacted by the flaw:
- Unified Communications Manager (versions 11.5, 12.5(1), and 14)
- Unified Communications Manager IM & Presence Service (versions 11.5(1), 12.5(1), and 14)
- Unified Communications Manager Session Management Edition (versions 11.5, 12.5(1), and 14)
- Unified Contact Center Express (versions 12.0 and earlier and 12.5(1))
- Unity Connection (versions 11.5(1), 12.5(1), and 14)
- Virtualized Voice Browser (versions 12.0 and earlier, 12.5(1), and 12.5(2))
Where applying the updates is not immediately possible, Cisco has urged users to set up access control lists (ACLs) to limit access. Specifically, the company advises establishing ACLs on intermediary devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions cluster from users and the rest of the network, so that access is allowed only to the ports of deployed services.
In conclusion, the vulnerability in Cisco's Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. It is important for users to apply the patches released by Cisco and set up access control lists to limit access where applying the updates is not immediately possible.