CVE-2024-20253

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Jan 26, 2024
Updated: Feb 2, 2024
CWE ID 502

Summary

CVE-2024-20253 is a newly disclosed vulnerability affecting multiple Cisco Unified Communications and Contact Center Solutions products. This issue permits an unauthenticated, remote attacker to execute arbitrary code on an affected device due to the mishandling of user-supplied data during memory processing. A malicious actor could exploit this vulnerability by sending a specially crafted message to a listening port on the affected device, potentially leading to command execution on the underlying operating system with web services user privileges. Successful exploitation could grant the attacker root access to the device.

Affected Products

  • Cisco Unity Connection
  • Cisco Unified Communications Manager
  • Cisco Unified Contact Center Express

Affected Vendors

  • Cisco Systems Inc