Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-20253
HistoryJan 26, 2024 - 6:15 p.m.

CVE-2024-20253

2024-01-2618:15:10
CWE-502
[email protected]
web.nvd.nist.gov
2
cisco
vulnerability
remote attack
arbitrary code execution
memory processing

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

Affected configurations

NVD
Node
ciscounified_communications_managerRange<12.5\(1\)su8-
OR
ciscounified_communications_managerRange14.014su3
Node
ciscounified_communications_managerRange<12.5\(1\)su8session_management
OR
ciscounified_communications_managerRange14.014su3session_management
Node
ciscounified_communications_manager_im_and_presence_serviceRange<12.5\(1\)su8
OR
ciscounified_communications_manager_im_and_presence_serviceRange14.014.0su3
Node
ciscounity_connectionRange<12.5\(1\)su8
OR
ciscounity_connectionRange14.014su3
Node
ciscounified_contact_center_expressMatch12.5\(1\)-
Node
ciscovirtualized_voice_browserMatch12.5\(1\)
OR
ciscovirtualized_voice_browserMatch12.6\(1\)
OR
ciscovirtualized_voice_browserMatch12.6\(2\)

Related

nessus 3
cisco 1
prion 1
cve 1
cvelist 1
thn 1
nessus
nessus
Cisco Unity Connection RCE (cisco-sa-cucm-rce-bWNzQcUm)
2024-01-25 00:00:00
Cisco Unified Communications Manager RCE (cisco-sa-cucm-rce-bWNzQcUm)
2024-01-25 00:00:00
Cisco Unified Communications Manager IM & Presence RCE (cisco-sa-cucm-rce-bWNzQcUm)
2024-01-25 00:00:00
cisco
cisco
Cisco Unified Communications Products Remote Code Execution Vulnerability
2024-01-24 16:00:00
prion
prion
Input validation
2024-01-26 18:15:00
cve
cve
CVE-2024-20253
2024-01-26 18:15:10
cvelist
cvelist
CVE-2024-20253
2024-01-26 17:28:30
thn
thn
Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems
2024-01-26 05:13:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.1%

JSON
Related for NVD:CVE-2024-20253
nessus3cisco1prion1cve1cvelist1thn1