Deserialization of untrusted data in Cisco Unified Communications products



Published: 2024-01-24
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2024-20253
CWE-ID CWE-502
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe 		Cisco Packaged Contact Center Enterprise
Client/Desktop applications / Office applications

Cisco Unified Communications Manager
Server applications / Other server solutions

Cisco Unified Communications Manager IM & Presence Service
Client/Desktop applications / Other client software

Cisco Unified Communications Manager Session Management Edition
Server applications / Remote management servers, RDP, SSH

Cisco Unified Contact Center Enterprise
Server applications / Conferencing, Collaboration and VoIP solutions

Cisco Unified Contact Center Express
Server applications / Web servers

Cisco Unity Connection
Client/Desktop applications / Messaging software

Cisco Virtualized Voice Browser
Client/Desktop applications / Web browsers

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Deserialization of Untrusted Data

EUVDB-ID: #VU85776

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20253

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can send a specially crafted message to a listening port of an affected device and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Cisco Packaged Contact Center Enterprise: 12.0.0 - 12.5.2

Cisco Unified Communications Manager: 11.5(1) - 14SU4

Cisco Unified Communications Manager IM & Presence Service: 11.0 - 14SU4

Cisco Unified Communications Manager Session Management Edition: 11.0 - 14SU3

Cisco Unified Contact Center Enterprise: 12.0 - 12.5.2

Cisco Unified Contact Center Express: 12.0 - 12.5.1 SU2

Cisco Unity Connection: 12.0 - 14SU3a

Cisco Virtualized Voice Browser: 12.5.0 - 12.5.2

External links

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd64245
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd64276
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd64292
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe18773
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe18830
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe18840


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###