Clipeus

Cisco Patches Critical Vulnerability



On January 24, 2024, Cisco issued an advisory concerning CVE-2024-20253 with a CVSS score of 9.9, impacting various Cisco Unified Communications and Contact Center Solutions products (listed in the table below).


The vulnerability is due to improper processing of user-input data. A malicious attacker could craft messages directed at a listening port on a vulnerable instance exposed to the internet and subsequently achieve remote code execution with access to the underlying operating system. The level of privilege depends on the privileges assigned to the web services user and may potentially be root level.

There are no workarounds. The recommendation is to patch vulnerable instances.

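| Product | Release | First Fixed Release |
| --- | --- | --- |
| Unified Communications Manager Session Management Edition (Unified CM SME) | 11.5(1) | Migrate to a fixed release |
| Unified Communications Manager Session Management Edition (Unified CM SME) | 12.5(1) | 12.5(1)SU8 or ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 |
| Unified Communications Manager Session Management Edition (Unified CM SME) | 14 | 14SU3 or ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 |
| Unified Communications Manager Session Management Edition (Unified CM SME) | 15 | Not vulnerable |
| Unified Communications Manager IM & Presence Service (Unified CM IM&P) | 11.5(1) | Migrate to a fixed release |
| Unified Communications Manager IM & Presence Service (Unified CM IM&P) | 12.5(1) | 12.5(1)SU8 or ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 |
| Unified Communications Manager IM & Presence Service (Unified CM IM&P) | 14 | 14SU3 or ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 |
| Unified Communications Manager IM & Presence Service (Unified CM IM&P) | 15 | Not vulnerable |
| Unity Connection | 11.5(1) | Migrate to a fixed release |
| Unity Connection | 12.5(1) | 12.5(1)SU8 or ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 |
| Unity Connection | 14 | 14SU3 or ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512 |
| Unity Connection | 15 | Not vulnerable |
| Unified Contact Center Express (UCCX) | 12.0 and earlier | Migrate to a fixed release |
| Unified Contact Center Express (UCCX) | 12.5(1) | ucos.v1_java_deserial-CSCwd64245.cop.sgn |
| Unified Contact Center Express (UCCX) | 15 | Not vulnerable |
| Virtualized Voice Browser (VVB) | 12.0 and earlier | Migrate to a fixed release |
| Virtualized Voice Browser (VVB) | 12.5(1) and 12.5(2) | ucos.v1_java_deserial-CSCwd64245.cop.sgn |
| Virtualized Voice Browser (VVB) | 15 | Not vulnerable |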


If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you.
