
WARNING: NEW REMOTE CODE EXECUTION VULNERABILITY IN MULTIPLE CISCO PRODUCTS, PATCH IMMEDIATELY!

Reference: 
Advisory #2024-14
Version: 
1.0
Affected software: 
Packaged Contact Center Enterprise (PCCE)
Unified Communications Manager (Unified CM)
Unified Communications Manager IM & Presence Service (Unified CM IM&P)
Unified Communications Manager Session Management Edition (Unified CM SME)
Unified Contact Center Enterprise (UCCE)
Unified Contact Center Express (UCCX)
Unity Connection
Virtualized Voice Browser (VVB)
Type: 
Remote code execution
CVE/CVSS: 

CVE-2024-20253
CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H)

Sources

Risks

CVE-2024-20253 is a vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

The impact on Confidentiality and Integrity is Low, but the vulnerability has a High impact on Availability. The Attack Complexity is Low and there is no User Interaction required to exploit the vulnerability.

Description

As explained in the Cisco advisory: ‘An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.’

At the time of writing, Cisco has reported that there is no evidence that CVE-2024-20253 has been exploited in the wild.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.

Cisco has released free software updates that address the vulnerability. Please see the Cisco advisory for more information.

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References