Cisco, a global leader in networking and cybersecurity solutions, has raised a red flag regarding a critical security vulnerability affecting its Unified Communications Manager (CM) and Contact Center Solutions products.
The severity of this remote code execution flaw, identified as CVE-2024-20253, poses a significant threat. The company urges immediate attention to safeguard affected devices.
Cisco Software Flaw is Rated 'Critical'
A security flaw on Cisco software is discovered to be capable of making root access through a malware. Because of this, users need to patch the software immediately.
Based on Bleeping Computer's report, the vulnerability was brought to light by Julien Egloff, a researcher at Synacktiv, and has been assigned a severity score of 9.9 out of 10.
The flaw arises from the improper processing of user-provided data, making the affected devices susceptible to arbitrary code execution. If exploited, an unauthorized remote attacker could execute malicious code, potentially gaining control over the affected device.
Related Article: Cisco Strengthens Cybersecurity with $28 Billion Splunk Acquisition
Impacted Cisco Products
According to TechRadar, the vulnerability affects several Cisco products in their default configurations, including but not limited to:
- Packaged Contact Center Enterprise (PCCE)
- Unified Communications Manager (Unified CM)
- Unified Communications Manager IM & Presence Service (Unified CM IM&P)
- Unified Contact Center Enterprise (UCCE)
- Unified Contact Center Express (UCCX)
- Unity Connection
- Virtualized Voice Browser (VVB)
No Fix For This Vulnerability
At the time, Cisco said that there is no workaround for this vulnerability, and the primary course of action is to apply the available security updates promptly. The following releases address the critical remote code execution flaw:
- PCCE: Apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn for versions 12.5(1) and 12.5(2).
- Unified CM and Unified CME: For versions 12.5(1)SU8 or ciscocm.v1_java_deserial-CSCwd64245.cop.sha512 and 14SU3 or ciscocm.v1_java_deserial-CSCwd64245.cop.sha512.
- Unified CM IM&P: For versions 12.5(1)SU8 or ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512 and 14SU3 or ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512.
- UCCE: Apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn for versions 12.5(1) and 12.5(2).
- UCCX: Apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn for version 12.5(1).
- VVB: Apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn for versions 12.5(1) and 12.5(2).
What Cisco Advises to Administrators
In cases where immediate application of updates is challenging, administrators are advised to implement access control lists (ACLs) on intermediary devices. These ACLs should be configured to permit access only to the ports of deployed services, effectively controlling traffic reaching the affected components.
No Known Exploitation Yet
Cisco reassures users that, as of now, there are no public announcements or reported instances of malicious exploitation of the identified vulnerability. However, given the potential risks, immediate action is strongly recommended to secure the affected Cisco devices and prevent any potential compromise.
In other news, Network World reports Cisco AppDynamics launched a new management product for out-of-date software agents.
According to Cisco's AppDynamics general manager Ronak Desai, the new Smart Agent package paves the way for easier handling of agents. It lightens the tedious load of such tasks.
"While in many companies, the operations teams are dealing with agents in the tens of thousands, those at large enterprises often handle hundreds of thousands of agents, depending on the number and type of applications being observed," Desai said.
Read Also: Sweden Needs More Time to Recover From Series of Cyberattacks: What Did Akira Ransomware Gang Do?
