#VU85776 Deserialization of Untrusted Data in Cisco Systems, Inc products - CVE-2024-20253

Cybersecurity Help s.r.o.

Published: 2024-01-24

Vulnerability identifier: #VU85776

Vulnerability risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2024-20253

CWE-ID: CWE-502

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Packaged Contact Center Enterprise
Client/Desktop applications / Office applications
Cisco Unified Communications Manager
Server applications / Other server solutions
Cisco Unified Communications Manager IM & Presence Service
Client/Desktop applications / Other client software
Cisco Unified Communications Manager Session Management Edition
Server applications / Remote management servers, RDP, SSH
Cisco Unified Contact Center Enterprise
Server applications / Conferencing, Collaboration and VoIP solutions
Cisco Unified Contact Center Express
Server applications / Web servers
Cisco Unity Connection
Client/Desktop applications / Messaging software
Cisco Virtualized Voice Browser
Client/Desktop applications / Web browsers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can send a specially crafted message to a listening port of an affected device and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco Packaged Contact Center Enterprise: 12.0.0 - 12.5.2

Cisco Unified Communications Manager: 11.5(1) - 14.0

Cisco Unified Communications Manager IM & Presence Service: 11.0 - 14.0.0.98000.868

Cisco Unified Communications Manager Session Management Edition: 11.0 - 14.0.1.11900.3

Cisco Unified Contact Center Enterprise: 12.0 - 12.5.2

Cisco Unified Contact Center Express: 12.0 - 12.5.1

Cisco Unity Connection: 12.0 - 14.0.1.14006-5

Cisco Virtualized Voice Browser: 12.5.0 - 12.5.2

External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd64245
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd64276
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd64292
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe18773
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe18830
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe18840

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Deserialization of untrusted data in Cisco Unified Communications products