CVE-2024-20253
Published: Jan 26, 2024
Modified: May 29, 2025
CVSS v3.1
9.9
Description
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
| Vendor | Product | Versions |
|---|---|---|
Cisco | Cisco Unified Contact Center Enterprise | affected N/A |
Cisco | Cisco Unity Connection | affected 12.0(1)SU1affected 12.0(1)SU2affected 12.0(1)SU3affected 12.0(1)SU4affected 12.0(1)SU5+11 more versions |
Cisco | Cisco Unified Communications Manager | affected 12.0(1)SU1affected 12.0(1)SU2affected 12.0(1)SU3affected 12.0(1)SU4affected 12.0(1)SU5+12 more versions |
Cisco | Cisco Unified Contact Center Express | affected 8.5(1)affected 9.0(2)SU3ES04affected 10.0(1)SU1affected 10.0(1)SU1ES04affected 10.5(1)+53 more versions |
Cisco | Cisco Unified Communications Manager IM and Presence Service | affected 10.5(1)affected 10.5(2)affected 10.5(2a)affected 10.5(2b)affected 10.5(2)SU3+39 more versions |
Cisco | Cisco Virtualized Voice Browser | affected 11.0(1)affected 11.5(1)affected 11.5(1)ES29affected 11.5(1)ES32affected 11.5(1)_ES43+62 more versions |
Cisco | Cisco Packaged Contact Center Enterprise | affected 10.5(1)affected 10.5(2)affected 10.5(1)_ES7affected 10.5(2)_ES8affected 11.0(1)+9 more versions |
Cisco | Cisco Unified Communications Manager / Cisco Unity Connection | affected 10.5(2)SU10affected 10.5(1)affected 10.5(1)SU1affected 10.5(1)SU1aaffected 10.5(2)+40 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now