Input validation

2024-01-2618:15:00

PRIOn knowledge base

www.prio-n.com

cisco

vulnerability

remote attacker

arbitrary code

memory processing

crafted message

privilege escalation

root access

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.1%

JSON

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

CPENameOperatorVersion
unified_communications_managereq< 12.51su8
unified_communications_managerge14.0
unified_communications_managerlt14
unified_communications_managerge14.0
unified_communications_managerlt14
unified_communications_managereq< 12.51su8
unified_communications_manager_im_and_presence_serviceeq< 12.51su8
unified_communications_manager_im_and_presence_servicege14.0
unified_communications_manager_im_and_presence_servicelt14.0
unified_contact_center_expresseq12.51.0

Name	Operator	Version
unified_communications_manager	eq	< 12.51su8
unified_communications_manager	ge	14.0
unified_communications_manager	lt	14
unified_communications_manager	ge	14.0
unified_communications_manager	lt	14
unified_communications_manager	eq	< 12.51su8
unified_communications_manager_im_and_presence_service	eq	< 12.51su8
unified_communications_manager_im_and_presence_service	ge	14.0
unified_communications_manager_im_and_presence_service	lt	14.0
unified_contact_center_express	eq	12.51.0