Cisco patches critical vulnerability in Unified Communications products


Cisco fixed a critical flaw this week that affects multiple Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on affected devices. Medium-severity vulnerabilities have also been patched in Cisco Small Business Series Switches and Cisco Unity Connection.

The critical bug is tracked as CVE-2024-20253 and is rated 9.9 out of 10 on the CVSS severity scale. It’s caused by insecure processing of user-supplied data that is being loaded into memory, and it can be exploited by sending a specially crafted message to one of the network communication ports opened on the device.

“A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user,” Cisco said in its advisory. “With access to the underlying operating system, the attacker could also establish root access on the affected device.”

The CVE-2024-20253 vulnerability affects multiple products in their default configurations, including Unified Communications Manager (Unified CM), Unified Communications Manager IM & Presence Service (Unified CM IM&P), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Contact Center Express (UCCX), Unity Connection and Virtualized Voice Browser.

Cisco Unified Communications is a product suite for enterprises to unify voice, video, and data communications over IP-based networks. Unified Communications Manager is used for call control and session management, and Unity Connection is a unified messaging solution that lets users access messages from an email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, or tablet.

Cisco customers urged to patch products or mitigate the vulnerability

Customers are urged to deploy the released patches for all the affected products as soon as possible, but if they have to delay patching they should place the vulnerable devices behind firewalls or switches that implement access control lists and only allow access to the ports necessary for deployed services. Security best practices and hardening guides are available for both Cisco Unified Communications Manager and Cisco Unified ICM/Contact Center Enterprise.
