Home Cyber Security Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

H-Tech News
-
0
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
Cisco

Cisco has launched patches to handle a important safety flaw impacting Unified Communications and Contact Middle Options merchandise that might allow an unauthenticated, distant attacker to execute arbitrary code on an affected gadget.

Tracked as CVE-2024-20253 (CVSS rating: 9.9), the difficulty stems from improper processing of user-provided information {that a} risk actor might abuse to ship a specifically crafted message to a listening port of a vulnerable equipment.

“A profitable exploit might permit the attacker to execute arbitrary instructions on the underlying working system with the privileges of the online companies person,” Cisco stated in an advisory. “With entry to the underlying working system, the attacker might additionally set up root entry on the affected gadget.”

Synacktiv safety researcher Julien Egloff has been credited with discovering and reporting CVE-2024-20253. The next merchandise are impacted by the flaw –

  • Unified Communications Supervisor (variations 11.5, 12.5(1), and 14)
  • Unified Communications Supervisor IM & Presence Service (variations 11.5(1), 12.5(1), and 14)
  • Unified Communications Supervisor Session Administration Version (variations 11.5, 12.5(1), and 14)
  • Unified Contact Middle Categorical (variations 12.0 and earlier and 12.5(1))
  • Unity Connection (variations 11.5(1), 12.5(1), and 14), and
  • Virtualized Voice Browser (variations 12.0 and earlier, 12.5(1), and 12.5(2))

Whereas there aren’t any workarounds that handle the shortcoming, the networking gear maker is urging customers to arrange entry management lists to restrict entry the place making use of the updates just isn’t instantly attainable.

“Set up entry management lists (ACLs) on middleman gadgets that separate the Cisco Unified Communications or Cisco Contact Middle Options cluster from customers and the remainder of the community to permit entry solely to the ports of deployed companies,” the corporate stated.

The disclosure arrives weeks after Cisco shipped fixes for a important safety flaw impacting Unity Connection (CVE-2024-20272, CVSS rating: 7.3) that might allow an adversary to execute arbitrary instructions on the underlying system.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

© Newspaper WordPress Theme by TagDiv