Cisco warns of critical RCE flaw in communications software


Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.

Cisco’s Unified Communications and Contact Center Solutions are integrated solutions that provide enterprise-level voice, video, and messaging services, as well as customer engagement and management.

The company has published a security bulletin to warn about the vulnerability, currently tracked as CVE-2024-20253, which could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The vulnerability was discovered by Synacktiv researcher Julien Egloff and received a 9.9 base score out of a maximum of 10. It is caused by improper processing of user-provided data read into memory.

Attackers could exploit it by sending a specially crafted message to a listening port, potentially gaining the ability to execute arbitrary commands with the privileges of the web services user, and establish root access.

Read more…