Critical Cisco Unified Communications RCE Bug Allows Root Access

The vulnerability, tracked as CVE-2024-20253, makes enterprise communications infrastructure and customer service call centers sitting ducks for unauthenticated cyberattackers.

Cisco logo on networking gear
Source: Anucha Cheechang via Shutterstock

A critical security vulnerability in Cisco Unified Communications and Contact Center Solutions (UC/CC) could allow unauthenticated remote code execution (RCE).

The bug (CVE-2024-20253, 9.9 CVSS) arises thanks to "improper processing of user-provided data that is being read into memory," according to Cisco's advisory, issued yesterday.

Remote attackers who are not logged onto the system can simply send specially crafted messages to a vulnerable device's listening port in order to achieve RCE; from there, they can execute code on the underlying operating system with the privileges of the Web services user, and/or gain root access.

Cisco's UC/CC platforms are used by small and midsized businesses (SMBs) and enterprises to provide communications over IP, including voice calling, video calls, mobile integration, chat and messaging, app integrations, and more. As such, device compromise could have a number of bad outcomes, including: locking up an organization's communications infrastructure with ransomware and disrupting customer service interactions; allowing cyberattackers to infiltrate IP phones and other endpoints hooked into the system; eavesdropping on communications; data exfiltration; recon for follow-on phishing attacks; and more.

Cisco's advisory offers a list of affected versions and corresponding patches. For those unable to immediately update, the networking giant also detailed a mitigation path. This involves establishing access control lists (ACLs) on intermediary devices that separate the UC/CC cluster from the rest of the network, "to allow access only to the ports of deployed services."

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights