Major vulnerability found in Cisco software could allow remote attacker to launch malware


Cisco has reported a critical vulnerability in some of its most widely-used software, and has urged users to patch their endpoints immediately.

In a security advisory, Cisco said it addressed a flaw caused by improper processing of user-provided data that is read into memory, affecting multiple Unified Communications Manager (UCM) programs and Contact Center Solutions products.

The flaw is tracked as CVE-2024-20253, carrying a severity score of 9.9/10.

Severe Cisco flaws

The flaw, first discovered by security researcher Julien Egloff of Synacktiv, allows threat actors to wreak havoc on vulnerable devices. Reportedly, an attacker could send a crafted message to a listening port, which would let them execute arbitrary commands and thus establish root access via malware.

The software is generally used by enterprises for voice, video, and messaging services, as well as for customer engagement and customer management. 

Here is the full list of vulnerable products and their versions:

  • Packaged Contact Center Enterprise (PCCE) versions 12.0 and earlier, 12.5(1), and 12.5(2).
  • Unified Communications Manager (Unified CM) versions 11.5, 12.5(1), and 14 (the same versions of Unified CM SME are affected).
  • Unified Communications Manager IM & Presence Service (Unified CM IM&P) versions 11.5(1), 12.5(1), and 14.
  • Unified Contact Center Enterprise (UCCE) versions 12.0 and earlier, 12.5(1), and 12.5(2).
  • Unified Contact Center Express (UCCX) versions 12.0 and earlier, and 12.5(1).
  • Unity Connection versions 11.5(1), 12.5(1), and 14.
  • Virtualized Voice Browser (VVB) versions 12.0 and earlier, 12.5(1), and 12.5(2).

There is no workaround for the vulnerability, Cisco warned, so the only way to remain secure is to apply the patch. Here is the list of fixed releases and patches for each product:

  • PCCE: 12.5(1) and 12.5(2): apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn.
  • Unified CM and Unified CM SME: 12.5(1)SU8, or apply ciscocm.v1_java_deserial-CSCwd64245.cop.sha512; 14SU3, or apply ciscocm.v1_java_deserial-CSCwd64245.cop.sha512.
  • Unified CM IM&P: 12.5(1)SU8, or apply ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512; 14SU3, or apply ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512.
  • UCCE: 12.5(1) and 12.5(2): apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn.
  • UCCX: 12.5(1): apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn.
  • VVB: 12.5(1) and 12.5(2): apply patch ucos.v1_java_deserial-CSCwd64245.cop.sgn.
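As an added example (not from the article or from Cisco), the checker below parses the Unified CM version notation used above (major[.minor][(maintenance)][SU<n>], e.g. 12.5(1)SU8 or 14SU3) and decides whether an installed release is at or past the fixed releases listed for Unified CM; the affected and fixed tables are transcribed from the lists above, and the notation is an assumption.

```python
import re
from typing import Optional, Tuple

# Affected trains and fixed releases for Unified CM, transcribed from the article.
# The 11.5 train is listed as affected, but no fixed release for it appears on the page.
AFFECTED_UCM = ("11.5", "12.5(1)", "14")
FIXED_UCM = {"12.5(1)": "12.5(1)SU8", "14": "14SU3"}

# Assumed notation (the article's): major[.minor][(maintenance)][SU<n>].
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\((\d+)\))?(?:SU(\d+))?$")


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Turn '12.5(1)SU8' into (12, 5, 1, 8); absent components become 0 so tuples compare."""
    m = VERSION_RE.match(v.replace(" ", ""))
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def in_train(installed: str, train: str) -> bool:
    """True when installed falls in the train, comparing only the components the train names."""
    inst = parse_version(installed)
    groups = VERSION_RE.match(train).groups()
    return all(int(g) == inst[i] for i, g in enumerate(groups) if g is not None)


def assess(installed: str, affected=AFFECTED_UCM, fixed=FIXED_UCM) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_release): 'fixed', 'vulnerable', 'vulnerable-no-fix-listed' or
    'not-listed'. A bare version cannot show whether the standalone .cop patch was applied."""
    for train in affected:
        if not in_train(installed, train):
            continue
        fix = fixed.get(train)
        if fix is None:
            return "vulnerable-no-fix-listed", None
        if parse_version(installed) >= parse_version(fix):
            return "fixed", fix
        return "vulnerable", fix
    return "not-listed", None


if __name__ == "__main__":
    for v in ("12.5(1)SU7", "12.5(1)SU8", "14SU2", "14SU3", "11.5(1)SU10", "15"):
        print(v, "->", assess(v))
```

Because the article also lists one-off .cop files as an alternative to the SU releases, a "vulnerable" result from the version string alone should be confirmed against the installed COP files before opening a ticket.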

So far, there has been no evidence of abuse, Cisco concluded.

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.