Vulnerability-Lookup

BDU:2024-09519

Vulnerability from fstec - Published: 06.11.2023

Title

Уязвимость функции External Agent Assignment Service (EAAS) средства обмена сообщениями Cisco Enterprise Chat and Email (ECE), позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции External Agent Assignment Service (EAAS) средства обмена сообщениями Cisco Enterprise Chat and Email (ECE) связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Enterprise Chat and Email

Software Version

до 12.5(1) ES9 (Enterprise Chat and Email), от 12.6 до 12.6(1) ES9 ET3 (Enterprise Chat and Email)

Possible Mitigations

Использование рекомендаций производителя: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv

Reference

https://vuldb.com/?id.283350 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv https://github.com/advisories/GHSA-jvmc-2wg5-j9pw https://nvd.nist.gov/vuln/detail/CVE-2024-20484

CWE

CWE-20

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 12.5(1) ES9 (Enterprise Chat and Email), \u043e\u0442 12.6 \u0434\u043e 12.6(1) ES9 ET3 (Enterprise Chat and Email)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: \nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09519",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20484",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Enterprise Chat and Email",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 External Agent Assignment Service (EAAS) \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Cisco Enterprise Chat and Email (ECE), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 External Agent Assignment Service (EAAS) \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043e\u0431\u043c\u0435\u043d\u0430 \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f\u043c\u0438 Cisco Enterprise Chat and Email (ECE) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://vuldb.com/?id.283350\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv\nhttps://github.com/advisories/GHSA-jvmc-2wg5-j9pw\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-20484",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CVE-2024-20484 (GCVE-0-2024-20484)

Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:20

Title

Cisco Enterprise Chat and Email Denial of Service Vulnerability

Summary

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Enterprise Chat and Email	Affected: 11.6(1)_ES3 Affected: 11.6(1)_ES4 Affected: 12.0(1)_ES6 Affected: 11.6(1)_ES9 Affected: 11.6(1)_ES6 Affected: 11.6(1)_ES5 Affected: 12.5(1)_ET1 Affected: 12.5(1)_ES3_ET1 Affected: 12.0(1)_ES3 Affected: 11.6(1)_ES11 Affected: 12.0(1)_ES4 Affected: 12.0(1)_ES5 Affected: 11.6(1)_ES2 Affected: 11.6(1)_ES9a Affected: 11.6(1)_ES10 Affected: 12.0(1)_ES1 Affected: 12.0(1) Affected: 12.5(1)_ES3 Affected: 12.6(1) Affected: 11.5(1) Affected: 12.0(1)_ES2 Affected: 11.6(1)_ES7 Affected: 12.6(1)_ET1 Affected: 11.6(1) Affected: 12.6(1)_ET2 Affected: 12.5(1)_ES3_ET2 Affected: 12.0(1)_ES6_ET2 Affected: 12.6(1)_ES1 Affected: 11.6(1)_ES12 Affected: 12.6(1)_ET3 Affected: 12.5(1)_ES4_ET1 Affected: 12.0(1)_ES6_ET3 Affected: 12.6(1)_ES1_ET1 Affected: 12.6(1)_ES2 Affected: 12.6_ES2_ET1 Affected: 12.5(1)_ES5 Affected: 12.6_ES2_ET2 Affected: 12.0(1)_ES7 Affected: 12.6_ES2_ET3 Affected: 12.0(1)_ES7_ET1 Affected: 12.5(1)_ES5_ET1 Affected: 12.6_ES2_ET4 Affected: 12.6(1)_ES3 Affected: 11.6(1)_ES12_ET1 Affected: 12.6_ES3_ET1 Affected: 12.6_ES3_ET2 Affected: 12.6(1)_ES4 Affected: 12.5(1)_ES7 Affected: 12.6(1)_ES4_ET1 Affected: 12.6(1)_ES5 Affected: 12.6(1)_ES5_ET1 Affected: 12.6(1)_ES5_ET2 Affected: 12.6(1)_ES6 Affected: 12.6(1)_ES6_ET1 Affected: 12.5(1)_ES8 Affected: 12.6(1)_ES6_ET2 Affected: 12.6(1)_ES7 Affected: 12.6(1)_ES8 Affected: 12.6(1)_ES4_ET2 Affected: 12.6(1)_ES3_ET3 Affected: 12.6(1)_ES2_ET5 Affected: 12.6(1)_ES1_ET2 Affected: 12.6(1)_ES8_ET1 Affected: 12.6(1)_ES7_ET1 Affected: 12.6(1)_ES6_ET3 Affected: 12.6(1)_ES5_ET3 Affected: 12.5(1)_ES8_ET1 Affected: 12.5(1)_ES3_ET3 Affected: 12.5(1)_ES5_ET2 Affected: 12.5(1)_ES6_ET1 Affected: 12.5(1)_ES4_ET2 Affected: 12.5(1)_ES7_ET1 Affected: 12.6(1)_ES8_ET2 Affected: 12.6(1)_ES9 Affected: 12.6(1)_ES9_ET1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_chat_and_email",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.6(1)_ES3"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES4"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES6"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES9"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES6"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES5"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3_ET1"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES3"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES11"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES4"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES5"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES2"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES9a"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES10"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES1"
              },
              {
                "status": "affected",
                "version": "12.0(1)"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3"
              },
              {
                "status": "affected",
                "version": "12.6(1)"
              },
              {
                "status": "affected",
                "version": "11.5(1)"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES2"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ET1"
              },
              {
                "status": "affected",
                "version": "11.6(1)"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ET2"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3_ET2"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES6_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES1"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES12"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ET3"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES4_ET1"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES6_ET3"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES1_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES2"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES5"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET2"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET3"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES7_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES5_ET1"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET4"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES3"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES12_ET1"
              },
              {
                "status": "affected",
                "version": "12.6_ES3_ET1"
              },
              {
                "status": "affected",
                "version": "12.6_ES3_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES4"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES4_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES8"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES8"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES4_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES3_ET3"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES2_ET5"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES1_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES8_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES7_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6_ET3"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5_ET3"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES8_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3_ET3"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES5_ET2"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES6_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES4_ET2"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES7_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES8_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES9"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES9_ET1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T17:20:15.324243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:20:30.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Enterprise Chat and Email",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES6"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET1"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES11"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES9a"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET1"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET2"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES12"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4_ET1"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES2"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET2"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET3"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET4"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES12_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES3_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES3_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES3_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES2_ET5"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES8_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9_ET1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources \u0026gt; Services \u0026gt; Unified CCE \u0026gt; EAAS, then click Start."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T16:29:20.865Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ece-dos-Oqb9uFEv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ece-dos-Oqb9uFEv",
        "defects": [
          "CSCwj26667"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Enterprise Chat and Email Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20484",
    "datePublished": "2024-11-06T16:29:20.865Z",
    "dateReserved": "2023-11-08T15:08:07.684Z",
    "dateUpdated": "2024-11-06T17:20:30.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-09519

CVE-2024-20484 (GCVE-0-2024-20484)

Tags

Sightings

Nomenclature