CVE-2024-20253
CVSS 3.1 Score 10.0 of 10 (high)
Details
Summary
CVE-2024-20253 is a newly disclosed vulnerability affecting multiple Cisco Unified Communications and Contact Center Solutions products. This issue permits an unauthenticated, remote attacker to execute arbitrary code on an affected device due to the mishandling of user-supplied data during memory processing. A malicious actor could exploit this vulnerability by sending a specially crafted message to a listening port on the affected device, potentially leading to command execution on the underlying operating system with web services user privileges. Successful exploitation could grant the attacker root access to the device.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cisco Unity Connection
- Cisco Unified Communications Manager
- Cisco Unified Contact Center Express
Affected Vendors
- Cisco Systems Inc