Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0068
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Cisco Unified Communications. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Cisco | Unified Communications | Virtualized Voice Browser (VVB) versions 12.x et antérieures sans le correctif de sécurité ucos.v1_java_deserial-CSCwd64245.cop.sgn | ||
Cisco | Unified Communications | Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 14.x antérieures à 14SU3 ou avec le correctif de sécurité ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 | ||
Cisco | Unified Communications | Packaged Contact Center Enterprise (PCCE) et Unified Contact Center Enterprise (UCCE) versions 12.x et antérieures sans le correctif de sécurité ucos.v1_java_deserial-CSCwd64245.cop.sgn | ||
Cisco | Unified Communications | Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 11.x et 12.x antérieures à 12.5(1)SU8 ou avec le correctif de sécurité ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 | ||
Cisco | Unified Communications | Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 14.x antérieures à 14SU3 ou avec le correctif de sécurité ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 | ||
Cisco | Unified Communications | Unified Contact Center Express (UCCX) versions 12.x et antérieures sans le correctif de sécurité ucos.v1_java_deserial-CSCwd64245.cop.sgn | ||
Cisco | Unified Communications | Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 11.x et 12.x antérieures à 12.5(1)SU8 ou avec le correctif de sécurité ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 | ||
Cisco | Unified Communications | Unity Connection versions 14.x antérieures à 14SU3 ou avec le correctif de sécurité ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 | ||
Cisco | Unified Communications | Unity Connection versions 11.x et 12.x antérieures à 12.5(1)SU8 ou avec le correctif de sécurité ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 |
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Virtualized Voice Browser (VVB) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.v1_java_deserial-CSCwd64245.cop.sha512", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Packaged Contact Center Enterprise (PCCE) et Unified Contact Center Enterprise (UCCE) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communications Manager IM \u0026 Presence Service (Unified CM IM\u0026P) versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Contact Center Express (UCCX) versions 12.x et ant\u00e9rieures sans le correctif de s\u00e9curit\u00e9 ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unified Communications Manager (Unified CM) et Unified Communications Manager Session Management Edition (Unified CM SME) versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.v1_java_deserial-CSCwd64245.cop.sha512", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unity Connection versions 14.x ant\u00e9rieures \u00e0 14SU3 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } }, { "description": "Unity Connection versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5(1)SU8 ou avec le correctif de s\u00e9curit\u00e9 ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512", "product": { "name": "Unified Communications", "vendor": { "name": "Cisco", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2024-20253", "url": "https://www.cve.org/CVERecord?id=CVE-2024-20253" } ], "initial_release_date": "2024-01-25T00:00:00", "last_revision_date": "2024-01-25T00:00:00", "links": [], "reference": "CERTFR-2024-AVI-0068", "revisions": [ { "description": "Version initiale", "revision_date": "2024-01-25T00:00:00.000000" } ], "risks": [ { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" } ], "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Cisco Unified Communications.\nElle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n", "title": "Vuln\u00e9rabilit\u00e9 dans Cisco Unified Communications", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-rce-bWNzQcUm du 24 janvier 2024", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm" } ] }
CVE-2024-20253 (GCVE-0-2024-20253)
Vulnerability from cvelistv5
Published
2024-01-26 17:28
Modified
2025-05-29 15:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Cisco | Cisco Unified Contact Center Enterprise |
Version: N/A |
|||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T21:52:31.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-cucm-rce-bWNzQcUm", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-20253", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T15:42:43.844502Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-29T15:12:21.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco Unified Contact Center Enterprise", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "product": "Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1)SU1" }, { "status": "affected", "version": "12.0(1)SU2" }, { "status": "affected", "version": "12.0(1)SU3" }, { "status": "affected", "version": "12.0(1)SU4" }, { "status": "affected", "version": "12.0(1)SU5" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" } ] }, { "product": "Cisco Unified Communications Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "12.0(1)SU1" }, { "status": "affected", "version": "12.0(1)SU2" }, { "status": "affected", "version": "12.0(1)SU3" }, { "status": "affected", "version": "12.0(1)SU4" }, { "status": "affected", "version": "12.0(1)SU5" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "12.5(1)SU7a" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" } ] }, { "product": "Cisco Unified Contact Center Express", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "8.5(1)" }, { "status": "affected", "version": "9.0(2)SU3ES04" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "10.0(1)SU1ES04" }, { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(1)SU1ES10" }, { "status": "affected", "version": "10.6(1)" }, { "status": "affected", "version": "10.6(1)SU1" }, { "status": "affected", "version": "10.6(1)SU3" }, { "status": "affected", "version": "10.6(1)SU2" }, { "status": "affected", "version": "10.6(1)SU3ES03" }, { "status": "affected", "version": "10.6(1)SU2ES04" }, { "status": "affected", "version": "10.6(1)SU3ES02" }, { "status": "affected", "version": "10.6(1)SU3ES01" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "11.0(1)SU1ES03" }, { "status": "affected", "version": "11.0(1)SU1ES02" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU1ES02" }, { "status": "affected", "version": "11.5(1)SU1ES01" }, { "status": "affected", "version": "11.5(1)SU1ES03" }, { "status": "affected", "version": "11.5(1)ES01" }, { "status": "affected", "version": "12.0(1)" }, { "status": "affected", "version": "12.0(1)ES01" }, { "status": "affected", "version": "12.0(1)ES03" }, { "status": "affected", "version": "12.0(1)ES04" }, { "status": "affected", "version": "12.0(1)ES02" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)_SU01_ES03" }, { "status": "affected", "version": "12.5(1)ES03" }, { "status": "affected", "version": "12.5(1)_SU01_ES01" }, { "status": "affected", "version": "12.5(1)_SU02_ES02" }, { "status": "affected", "version": "12.5(1)_SU01_ES02" }, { "status": "affected", "version": "12.5(1)_SU02_ES03" }, { "status": "affected", "version": "12.5(1)ES01" }, { "status": "affected", "version": "12.5(1)_SU02_ES01" }, { "status": "affected", "version": "12.5(1)ES02" }, { "status": "affected", "version": "12.5(1)_SU03_ES01" }, { "status": "affected", "version": "12.5(1)_SU02_ES04" }, { "status": "affected", "version": "12.5(1)_SU03_ES02" }, { "status": "affected", "version": "12.5(1)_SU03_ES03" }, { "status": "affected", "version": "12.5(1)_SU03_ES04" }, { "status": "affected", "version": "11.6(1)" }, { "status": "affected", "version": "11.6(2)" }, { "status": "affected", "version": "11.6(1)ES01" }, { "status": "affected", "version": "11.6(2)ES06" }, { "status": "affected", "version": "11.6(1)ES02" }, { "status": "affected", "version": "11.6(2)ES01" }, { "status": "affected", "version": "11.6(2)ES03" }, { "status": "affected", "version": "11.6(2)ES07" }, { "status": "affected", "version": "11.6(2)ES08" }, { "status": "affected", "version": "11.6(2)ES02" }, { "status": "affected", "version": "11.6(2)ES05" }, { "status": "affected", "version": "11.6(2)ES04" } ] }, { "product": "Cisco Unified Communications Manager IM and Presence Service", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2a)" }, { "status": "affected", "version": "10.5(2b)" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(1)SU3" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(1)SU2" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU5a" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1)SU1" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)SU1" }, { "status": "affected", "version": "12.5(1)SU2" }, { "status": "affected", "version": "12.5(1)SU3" }, { "status": "affected", "version": "12.5(1)SU4" }, { "status": "affected", "version": "12.5(1)SU5" }, { "status": "affected", "version": "12.5(1)SU6" }, { "status": "affected", "version": "12.5(1)SU7" }, { "status": "affected", "version": "14" }, { "status": "affected", "version": "14SU1" }, { "status": "affected", "version": "14SU2" }, { "status": "affected", "version": "14SU2a" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" }, { "status": "affected", "version": "10.0(1)SU2" } ] }, { "product": "Cisco Virtualized Voice Browser", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)ES29" }, { "status": "affected", "version": "11.5(1)ES32" }, { "status": "affected", "version": "11.5(1)_ES43" }, { "status": "affected", "version": "11.5(1)_ES54" }, { "status": "affected", "version": "11.5(1)_ES27" }, { "status": "affected", "version": "11.5(1)ES36" }, { "status": "affected", "version": "11.5(1)_ES32" }, { "status": "affected", "version": "11.5(1)_ES29" }, { "status": "affected", "version": "11.5(1)_ES36" }, { "status": "affected", "version": "11.5(1)ES43" }, { "status": "affected", "version": "11.5(1)_ES53" }, { "status": "affected", "version": "11.5(1)ES27" }, { "status": "affected", "version": "11.6(1)" }, { "status": "affected", "version": "11.6(1)_ES82" }, { "status": "affected", "version": "11.6(1)_ES22" }, { "status": "affected", "version": "11.6(1)_ES81" }, { "status": "affected", "version": "11.6(1)_ES87" }, { "status": "affected", "version": "11.6(1)_ES84" }, { "status": "affected", "version": "11.6(1)_ES85" }, { "status": "affected", "version": "11.6(1)_ES83" }, { "status": "affected", "version": "11.6(1)_ES80" }, { "status": "affected", "version": "11.6(1)_ES86" }, { "status": "affected", "version": "11.6(1)_ES88" }, { "status": "affected", "version": "12.5(1)_ES04" }, { "status": "affected", "version": "12.5(1)_ES07" }, { "status": "affected", "version": "12.5(1)_ES02" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(1)_ES08" }, { "status": "affected", "version": "12.5(1)_ES03" }, { "status": "affected", "version": "12.5(1)_ES06" }, { "status": "affected", "version": "12.5(1)_ES09" }, { "status": "affected", "version": "12.5(1)_ES14" }, { "status": "affected", "version": "12.5(1)SU" }, { "status": "affected", "version": "12.5(1)_ES15" }, { "status": "affected", "version": "12.5(1)_SU" }, { "status": "affected", "version": "12.5(1)_SU_ES01" }, { "status": "affected", "version": "12.5(1)_ES11" }, { "status": "affected", "version": "12.5(1)_ES12" }, { "status": "affected", "version": "12.5(2)_ET" }, { "status": "affected", "version": "12.5(1)_SU_ES02" }, { "status": "affected", "version": "12.5(1)_ES10" }, { "status": "affected", "version": "12.0(1)" }, { "status": "affected", "version": "12.0(1)_ES02" }, { "status": "affected", "version": "12.0(1)_ES01" }, { "status": "affected", "version": "12.0(1)_ES06" }, { "status": "affected", "version": "12.0(1)_ES07" }, { "status": "affected", "version": "12.0(1)_ES05" }, { "status": "affected", "version": "12.0(1)_ES04" }, { "status": "affected", "version": "12.0(1)_ES03" }, { "status": "affected", "version": "12.0(1)_ES08" }, { "status": "affected", "version": "12.6(1)" }, { "status": "affected", "version": "12.6(1)_ES04" }, { "status": "affected", "version": "12.6(1)_ES03" }, { "status": "affected", "version": "12.6(1)_ES09" }, { "status": "affected", "version": "12.6(1)_ES06" }, { "status": "affected", "version": "12.6(1)_ES08" }, { "status": "affected", "version": "12.6(1)_ES05" }, { "status": "affected", "version": "12.6(2)_ES03" }, { "status": "affected", "version": "12.6(1)_ES02" }, { "status": "affected", "version": "12.6(1)_ES01" }, { "status": "affected", "version": "12.6(2)" }, { "status": "affected", "version": "12.6(2)_ET01" }, { "status": "affected", "version": "12.6(2)_ES02" }, { "status": "affected", "version": "12.6(2)_ES01" }, { "status": "affected", "version": "12.6(1)_ES07" } ] }, { "product": "Cisco Packaged Contact Center Enterprise", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(1)_ES7" }, { "status": "affected", "version": "10.5(2)_ES8" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(2)" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.6(1)" }, { "status": "affected", "version": "11.6(2)" }, { "status": "affected", "version": "12.0(1)" }, { "status": "affected", "version": "12.5(1)" }, { "status": "affected", "version": "12.5(2)" }, { "status": "affected", "version": "12.6(1)" }, { "status": "affected", "version": "12.6(2)" } ] }, { "product": "Cisco Unified Communications Manager / Cisco Unity Connection", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "10.5(2)SU10" }, { "status": "affected", "version": "10.5(1)" }, { "status": "affected", "version": "10.5(1)SU1" }, { "status": "affected", "version": "10.5(1)SU1a" }, { "status": "affected", "version": "10.5(2)" }, { "status": "affected", "version": "10.5(2)SU1" }, { "status": "affected", "version": "10.5(2)SU2" }, { "status": "affected", "version": "10.5(2)SU3" }, { "status": "affected", "version": "10.5(2)SU4" }, { "status": "affected", "version": "10.5(2)SU5" }, { "status": "affected", "version": "10.5(2)SU6" }, { "status": "affected", "version": "10.5(2)SU7" }, { "status": "affected", "version": "10.5(2)SU8" }, { "status": "affected", "version": "10.5(2)SU9" }, { "status": "affected", "version": "10.5(2)SU2a" }, { "status": "affected", "version": "10.5(2)SU3a" }, { "status": "affected", "version": "10.5(2)SU4a" }, { "status": "affected", "version": "10.5(2)SU6a" }, { "status": "affected", "version": "11.0(1)" }, { "status": "affected", "version": "11.0(1a)" }, { "status": "affected", "version": "11.0(1a)SU1" }, { "status": "affected", "version": "11.0(1a)SU2" }, { "status": "affected", "version": "11.0(1a)SU3" }, { "status": "affected", "version": "11.0(1a)SU3a" }, { "status": "affected", "version": "11.0(1a)SU4" }, { "status": "affected", "version": "11.0.1" }, { "status": "affected", "version": "11.0.2" }, { "status": "affected", "version": "11.0.5" }, { "status": "affected", "version": "11.5(1)" }, { "status": "affected", "version": "11.5(1)SU1" }, { "status": "affected", "version": "11.5(1)SU2" }, { "status": "affected", "version": "11.5(1)SU3" }, { "status": "affected", "version": "11.5(1)SU3a" }, { "status": "affected", "version": "11.5(1)SU3b" }, { "status": "affected", "version": "11.5(1)SU4" }, { "status": "affected", "version": "11.5(1)SU5" }, { "status": "affected", "version": "11.5(1)SU6" }, { "status": "affected", "version": "11.5(1)SU7" }, { "status": "affected", "version": "11.5(1)SU8" }, { "status": "affected", "version": "11.5(1)SU9" }, { "status": "affected", "version": "11.5(1)SU10" }, { "status": "affected", "version": "11.5(1)SU11" }, { "status": "affected", "version": "10.0(1)SU2" }, { "status": "affected", "version": "10.0(1)" }, { "status": "affected", "version": "10.0(1)SU1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "Deserialization of Untrusted Data", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-02T15:42:33.881Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-cucm-rce-bWNzQcUm", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm" } ], "source": { "advisory": "cisco-sa-cucm-rce-bWNzQcUm", "defects": [ "CSCwe18830", "CSCwe18773", "CSCwe18840", "CSCwd64292", "CSCwd64245", "CSCwd64276" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2024-20253", "datePublished": "2024-01-26T17:28:30.761Z", "dateReserved": "2023-11-08T15:08:07.622Z", "dateUpdated": "2025-05-29T15:12:21.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…