From bleepingcomputer.com
Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.
Cisco’s Unified Communications and Contact Center Solutions are integrated solutions that provide enterprise-level voice, video, and messaging services, as well as customer engagement and management.
The company has published a security bulletin to warn about the vulnerability, currently tracked as CVE-2024-20253, which could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The vulnerability was discovered by Synacktiv researcher Julien Egloff and received a 9.9 base score out of a maximum of 10. It is caused by improper processing of user-provided data read into memory.
Attackers could exploit it by sending a specially crafted message to a listening port, potentially gaining the ability to execute arbitrary commands with the privileges of the web services user and to establish root access.