SUBJECT: Unauthenticated Remote Code Execution in Cisco Unified Communications
TECH STACK: Cisco Unified Communications Manager (Unified CM), Unified CM IM&P, Unified CM SME, UCCX, Unity Connection, VVB
DATE(S) ISSUED: 01/24/2024
NVD Last Modified: 01/25/2024
CRITICALITY: CRITICAL (CVSS Score: 9.9) - This vulnerability poses an extremely high risk of compromise for affected systems. Immediate action is required.
OVERVIEW:
CVE-2024-20253 is a critical vulnerability in Cisco Unified Communications and Contact Center Solutions products that allows unauthenticated remote attackers to execute arbitrary code on affected devices. This means an attacker could potentially take complete control of your system including:
- Stealing sensitive data (emails, call recordings, customer information)
- Installing malware and ransomware
- Disrupting or disabling critical business operations
- Launching further attacks against your network
AFFECTED PRODUCTS:
- Unified Communications Manager (Unified CM) (all versions)
- Unified Communications Manager IM&P (all versions)
- Unified Communications Manager Session Management Edition (Unified CM SME) (all versions)
- Unified Contact Center Express (UCCX) (all versions)
- Unity Connection (all versions)
- Virtualized Voice Browser (VVB) (all versions)
ADDITIONAL PRODUCTS NOT AFFECTED:
- Customer Collaboration Portal (CCP), formerly SocialMiner
- Customer Voice Portal (CVP)
- Emergency Responder (CER)
- Finesse
- Hosted Collaboration Mediation Fulfillment (HCM-F)
- Packaged Contact Center Enterprise (PCCE)
- Prime Collaboration Deployment (PCD)
- Prime License Manager (PLM)
- Remote Expert Mobile
- Unified Contact Center Domain Manager (CCDM)
- Unified Contact Center Enterprise (UCCE)
- Unified Contact Center Management Portal (Unified CCMP)
- Unified Intelligence Center (CUIC)
SOLUTION
- Apply Cisco software updates immediately: Patching is the only definitive way to mitigate this vulnerability. Download and install the relevant updates according to your specific product and version from the Cisco Security Advisory: https://www.hkcert.org/security-bulletin/cisco-unity-connection-remote-code-execution-vulnerability_20240112
- Consider access control lists (ACLs): While not a complete solution, implementing ACLs on intermediary devices can restrict access to vulnerable ports and provide an additional layer of defense. Refer to the Cisco Unified Communications Manager TCP and UDP Port Usage document for detailed guidance.
ADDITIONAL RECOMMENDATIONS:
- Follow best practices for securing Cisco Unified Communications and Contact Center Solutions outlined in the relevant Cisco Security Guides.
- Regularly review and update Cisco software to stay protected against newly discovered vulnerabilities.
- Monitor your systems for suspicious activity and implement intrusion detection/prevention systems.
- Have a comprehensive incident response plan in place to address potential security breaches.
HANDS ON CONSULTATION:
If you would like additional hands on remediation instruction feel free to reach out to support@cyrisk.com or fill out the form below. We welcome the opportunity to become an extension of your team.
Third Party Advisories:
- Cisco Security Advisory
- CVE Record
- Cisco Unified Communications Manager TCP and UDP Port Usage Overview
- Security Guide for Cisco Unified Communications Manager
CONFIRMATION & ADDITIONAL INFORMATION:
This vulnerability poses a significant risk to your organization. Take immediate action to patch your systems and implement additional security measures.
