CERTFR-2024-AVI-0068
Vulnerability from certfr_avis
A vulnerability has been discovered in Cisco Unified Communications. It allows an attacker to cause remote arbitrary code execution.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Cisco | Unified Communications | Virtualized Voice Browser (VVB) versions 12.x and earlier without the security patch ucos.v1_java_deserial-CSCwd64245.cop.sgn |
| Cisco | Unified Communications | Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) versions 14.x prior to 14SU3 or with the security patch ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 |
| Cisco | Unified Communications | Packaged Contact Center Enterprise (PCCE) and Unified Contact Center Enterprise (UCCE) versions 12.x and earlier without the security patch ucos.v1_java_deserial-CSCwd64245.cop.sgn |
| Cisco | Unified Communications | Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 11.x and 12.x prior to 12.5(1)SU8 or with the security patch ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 |
| Cisco | Unified Communications | Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 14.x prior to 14SU3 or with the security patch ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 |
| Cisco | Unified Communications | Unified Contact Center Express (UCCX) versions 12.x and earlier without the security patch ucos.v1_java_deserial-CSCwd64245.cop.sgn |
| Cisco | Unified Communications | Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) versions 11.x and 12.x prior to 12.5(1)SU8 or with the security patch ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 |
| Cisco | Unified Communications | Unity Connection versions 14.x prior to 14SU3 or with the security patch ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 |
| Cisco | Unified Communications | Unity Connection versions 11.x and 12.x prior to 12.5(1)SU8 or with the security patch ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Virtualized Voice Browser (VVB) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.v1_java_deserial-CSCwd64245.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Packaged Contact Center Enterprise (PCCE) et Unified Contact Center Enterprise (UCCE) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Contact Center Express (UCCX) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.v1_java_deserial-CSCwd64245.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unity Connection versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512",
"product": {
"name": "Unified Communications",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20253"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0068",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Unified Communications.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-rce-bWNzQcUm du 24 janvier 2024",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
]
}
CVE-2024-20253 (GCVE-0-2024-20253)
Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
Severity
9.9 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Impacted products
8 products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Contact Center Enterprise | Affected: N/A |
| Cisco | Cisco Unity Connection | Affected: 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.0(1)SU4, 12.0(1)SU5, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 14, 14SU1, 14SU2 |
| Cisco | Cisco Unified Communications Manager | Affected: 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.0(1)SU4, 12.0(1)SU5, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 12.5(1)SU7a, 14, 14SU1, 14SU2 |
| Cisco | Cisco Unified Contact Center Express | Affected: 8.5(1), 9.0(2)SU3ES04, 10.0(1)SU1, 10.0(1)SU1ES04, 10.5(1), 10.5(1)SU1, 10.5(1)SU1ES10, 10.6(1), 10.6(1)SU1, 10.6(1)SU3, 10.6(1)SU2, 10.6(1)SU3ES03, 10.6(1)SU2ES04, 10.6(1)SU3ES02, 10.6(1)SU3ES01, 11.0(1)SU1, 11.0(1)SU1ES03, 11.0(1)SU1ES02, 11.5(1)SU1, 11.5(1)SU1ES02, 11.5(1)SU1ES01, 11.5(1)SU1ES03, 11.5(1)ES01, 12.0(1), 12.0(1)ES01, 12.0(1)ES03, 12.0(1)ES04, 12.0(1)ES02, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)_SU01_ES03, 12.5(1)ES03, 12.5(1)_SU01_ES01, 12.5(1)_SU02_ES02, 12.5(1)_SU01_ES02, 12.5(1)_SU02_ES03, 12.5(1)ES01, 12.5(1)_SU02_ES01, 12.5(1)ES02, 12.5(1)_SU03_ES01, 12.5(1)_SU02_ES04, 12.5(1)_SU03_ES02, 12.5(1)_SU03_ES03, 12.5(1)_SU03_ES04, 11.6(1), 11.6(2), 11.6(1)ES01, 11.6(2)ES06, 11.6(1)ES02, 11.6(2)ES01, 11.6(2)ES03, 11.6(2)ES07, 11.6(2)ES08, 11.6(2)ES02, 11.6(2)ES05, 11.6(2)ES04 |
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 10.5(1), 10.5(2), 10.5(2a), 10.5(2b), 10.5(2)SU3, 10.5(2)SU2a, 10.5(2)SU4a, 10.5(2)SU4, 10.5(1)SU3, 10.5(1)SU1, 10.5(2)SU1, 10.5(2)SU2, 10.5(1)SU2, 11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU5a, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU8, 11.5(1)SU9, 11.5(1)SU10, 11.5(1)SU11, 11.0(1), 11.0(1)SU1, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 14, 14SU1, 14SU2, 14SU2a, 10.0(1), 10.0(1)SU1, 10.0(1)SU2 |
| Cisco | Cisco Virtualized Voice Browser | Affected: 11.0(1), 11.5(1), 11.5(1)ES29, 11.5(1)ES32, 11.5(1)_ES43, 11.5(1)_ES54, 11.5(1)_ES27, 11.5(1)ES36, 11.5(1)_ES32, 11.5(1)_ES29, 11.5(1)_ES36, 11.5(1)ES43, 11.5(1)_ES53, 11.5(1)ES27, 11.6(1), 11.6(1)_ES82, 11.6(1)_ES22, 11.6(1)_ES81, 11.6(1)_ES87, 11.6(1)_ES84, 11.6(1)_ES85, 11.6(1)_ES83, 11.6(1)_ES80, 11.6(1)_ES86, 11.6(1)_ES88, 12.5(1)_ES04, 12.5(1)_ES07, 12.5(1)_ES02, 12.5(1), 12.5(1)_ES08, 12.5(1)_ES03, 12.5(1)_ES06, 12.5(1)_ES09, 12.5(1)_ES14, 12.5(1)SU, 12.5(1)_ES15, 12.5(1)_SU, 12.5(1)_SU_ES01, 12.5(1)_ES11, 12.5(1)_ES12, 12.5(2)_ET, 12.5(1)_SU_ES02, 12.5(1)_ES10, 12.0(1), 12.0(1)_ES02, 12.0(1)_ES01, 12.0(1)_ES06, 12.0(1)_ES07, 12.0(1)_ES05, 12.0(1)_ES04, 12.0(1)_ES03, 12.0(1)_ES08, 12.6(1), 12.6(1)_ES04, 12.6(1)_ES03, 12.6(1)_ES09, 12.6(1)_ES06, 12.6(1)_ES08, 12.6(1)_ES05, 12.6(2)_ES03, 12.6(1)_ES02, 12.6(1)_ES01, 12.6(2), 12.6(2)_ET01, 12.6(2)_ES02, 12.6(2)_ES01, 12.6(1)_ES07 |
| Cisco | Cisco Packaged Contact Center Enterprise | Affected: 10.5(1), 10.5(2), 10.5(1)_ES7, 10.5(2)_ES8, 11.0(1), 11.0(2), 11.5(1), 11.6(1), 11.6(2), 12.0(1), 12.5(1), 12.5(2), 12.6(1), 12.6(2) |
| Cisco | Cisco Unified Communications Manager / Cisco Unity Connection | Affected: 10.5(2)SU10, 10.5(1), 10.5(1)SU1, 10.5(1)SU1a, 10.5(2), 10.5(2)SU1, 10.5(2)SU2, 10.5(2)SU3, 10.5(2)SU4, 10.5(2)SU5, 10.5(2)SU6, 10.5(2)SU7, 10.5(2)SU8, 10.5(2)SU9, 10.5(2)SU2a, 10.5(2)SU3a, 10.5(2)SU4a, 10.5(2)SU6a, 11.0(1), 11.0(1a), 11.0(1a)SU1, 11.0(1a)SU2, 11.0(1a)SU3, 11.0(1a)SU3a, 11.0(1a)SU4, 11.0.1, 11.0.2, 11.0.5, 11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU3b, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU8, 11.5(1)SU9, 11.5(1)SU10, 11.5(1)SU11, 10.0(1)SU2, 10.0(1), 10.0(1)SU1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:43.844502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:12:21.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "11.6(2)ES04"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
},
{
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
}
]
},
{
"product": "Cisco Packaged Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(1)_ES7"
},
{
"status": "affected",
"version": "10.5(2)_ES8"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(2)"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:33.881Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"source": {
"advisory": "cisco-sa-cucm-rce-bWNzQcUm",
"defects": [
"CSCwe18830",
"CSCwe18773",
"CSCwe18840",
"CSCwd64292",
"CSCwd64245",
"CSCwd64276"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20253",
"datePublished": "2024-01-26T17:28:30.761Z",
"dateReserved": "2023-11-08T15:08:07.622Z",
"dateUpdated": "2025-05-29T15:12:21.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}