CVE-2024-20253 (GCVE-0-2024-20253)
Vulnerability from cvelistv5 – Published: 2024-01-26 17:28 – Updated: 2025-05-29 15:12
Summary
A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
Severity
9.9 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
8 products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Unified Contact Center Enterprise | Affected: N/A |
| Cisco | Cisco Unity Connection | Affected: 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.0(1)SU4, 12.0(1)SU5, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 14, 14SU1, 14SU2 |
| Cisco | Cisco Unified Communications Manager | Affected: 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3, 12.0(1)SU4, 12.0(1)SU5, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 12.5(1)SU7a, 14, 14SU1, 14SU2 |
| Cisco | Cisco Unified Contact Center Express | Affected: 8.5(1), 9.0(2)SU3ES04, 10.0(1)SU1, 10.0(1)SU1ES04, 10.5(1), 10.5(1)SU1, 10.5(1)SU1ES10, 10.6(1), 10.6(1)SU1, 10.6(1)SU3, 10.6(1)SU2, 10.6(1)SU3ES03, 10.6(1)SU2ES04, 10.6(1)SU3ES02, 10.6(1)SU3ES01, 11.0(1)SU1, 11.0(1)SU1ES03, 11.0(1)SU1ES02, 11.5(1)SU1, 11.5(1)SU1ES02, 11.5(1)SU1ES01, 11.5(1)SU1ES03, 11.5(1)ES01, 12.0(1), 12.0(1)ES01, 12.0(1)ES03, 12.0(1)ES04, 12.0(1)ES02, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)_SU01_ES03, 12.5(1)ES03, 12.5(1)_SU01_ES01, 12.5(1)_SU02_ES02, 12.5(1)_SU01_ES02, 12.5(1)_SU02_ES03, 12.5(1)ES01, 12.5(1)_SU02_ES01, 12.5(1)ES02, 12.5(1)_SU03_ES01, 12.5(1)_SU02_ES04, 12.5(1)_SU03_ES02, 12.5(1)_SU03_ES03, 12.5(1)_SU03_ES04, 11.6(1), 11.6(2), 11.6(1)ES01, 11.6(2)ES06, 11.6(1)ES02, 11.6(2)ES01, 11.6(2)ES03, 11.6(2)ES07, 11.6(2)ES08, 11.6(2)ES02, 11.6(2)ES05, 11.6(2)ES04 |
| Cisco | Cisco Unified Communications Manager IM and Presence Service | Affected: 10.5(1), 10.5(2), 10.5(2a), 10.5(2b), 10.5(2)SU3, 10.5(2)SU2a, 10.5(2)SU4a, 10.5(2)SU4, 10.5(1)SU3, 10.5(1)SU1, 10.5(2)SU1, 10.5(2)SU2, 10.5(1)SU2, 11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU5a, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU8, 11.5(1)SU9, 11.5(1)SU10, 11.5(1)SU11, 11.0(1), 11.0(1)SU1, 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 12.5(1)SU5, 12.5(1)SU6, 12.5(1)SU7, 14, 14SU1, 14SU2, 14SU2a, 10.0(1), 10.0(1)SU1, 10.0(1)SU2 |
| Cisco | Cisco Virtualized Voice Browser | Affected: 11.0(1), 11.5(1), 11.5(1)ES29, 11.5(1)ES32, 11.5(1)_ES43, 11.5(1)_ES54, 11.5(1)_ES27, 11.5(1)ES36, 11.5(1)_ES32, 11.5(1)_ES29, 11.5(1)_ES36, 11.5(1)ES43, 11.5(1)_ES53, 11.5(1)ES27, 11.6(1), 11.6(1)_ES82, 11.6(1)_ES22, 11.6(1)_ES81, 11.6(1)_ES87, 11.6(1)_ES84, 11.6(1)_ES85, 11.6(1)_ES83, 11.6(1)_ES80, 11.6(1)_ES86, 11.6(1)_ES88, 12.5(1)_ES04, 12.5(1)_ES07, 12.5(1)_ES02, 12.5(1), 12.5(1)_ES08, 12.5(1)_ES03, 12.5(1)_ES06, 12.5(1)_ES09, 12.5(1)_ES14, 12.5(1)SU, 12.5(1)_ES15, 12.5(1)_SU, 12.5(1)_SU_ES01, 12.5(1)_ES11, 12.5(1)_ES12, 12.5(2)_ET, 12.5(1)_SU_ES02, 12.5(1)_ES10, 12.0(1), 12.0(1)_ES02, 12.0(1)_ES01, 12.0(1)_ES06, 12.0(1)_ES07, 12.0(1)_ES05, 12.0(1)_ES04, 12.0(1)_ES03, 12.0(1)_ES08, 12.6(1), 12.6(1)_ES04, 12.6(1)_ES03, 12.6(1)_ES09, 12.6(1)_ES06, 12.6(1)_ES08, 12.6(1)_ES05, 12.6(2)_ES03, 12.6(1)_ES02, 12.6(1)_ES01, 12.6(2), 12.6(2)_ET01, 12.6(2)_ES02, 12.6(2)_ES01, 12.6(1)_ES07 |
| Cisco | Cisco Packaged Contact Center Enterprise | Affected: 10.5(1), 10.5(2), 10.5(1)_ES7, 10.5(2)_ES8, 11.0(1), 11.0(2), 11.5(1), 11.6(1), 11.6(2), 12.0(1), 12.5(1), 12.5(2), 12.6(1), 12.6(2) |
| Cisco | Cisco Unified Communications Manager / Cisco Unity Connection | Affected: 10.5(2)SU10, 10.5(1), 10.5(1)SU1, 10.5(1)SU1a, 10.5(2), 10.5(2)SU1, 10.5(2)SU2, 10.5(2)SU3, 10.5(2)SU4, 10.5(2)SU5, 10.5(2)SU6, 10.5(2)SU7, 10.5(2)SU8, 10.5(2)SU9, 10.5(2)SU2a, 10.5(2)SU3a, 10.5(2)SU4a, 10.5(2)SU6a, 11.0(1), 11.0(1a), 11.0(1a)SU1, 11.0(1a)SU2, 11.0(1a)SU3, 11.0(1a)SU3a, 11.0(1a)SU4, 11.0.1, 11.0.2, 11.0.5, 11.5(1), 11.5(1)SU1, 11.5(1)SU2, 11.5(1)SU3, 11.5(1)SU3a, 11.5(1)SU3b, 11.5(1)SU4, 11.5(1)SU5, 11.5(1)SU6, 11.5(1)SU7, 11.5(1)SU8, 11.5(1)SU9, 11.5(1)SU10, 11.5(1)SU11, 10.0(1)SU2, 10.0(1), 10.0(1)SU1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:52:31.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20253",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:42:43.844502Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-29T15:12:21.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Unified Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "N/A"
}
]
},
{
"product": "Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Communications Manager",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.0(1)SU1"
},
{
"status": "affected",
"version": "12.0(1)SU2"
},
{
"status": "affected",
"version": "12.0(1)SU3"
},
{
"status": "affected",
"version": "12.0(1)SU4"
},
{
"status": "affected",
"version": "12.0(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "12.5(1)SU7a"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
}
]
},
{
"product": "Cisco Unified Contact Center Express",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "8.5(1)"
},
{
"status": "affected",
"version": "9.0(2)SU3ES04"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU1ES04"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1ES10"
},
{
"status": "affected",
"version": "10.6(1)"
},
{
"status": "affected",
"version": "10.6(1)SU1"
},
{
"status": "affected",
"version": "10.6(1)SU3"
},
{
"status": "affected",
"version": "10.6(1)SU2"
},
{
"status": "affected",
"version": "10.6(1)SU3ES03"
},
{
"status": "affected",
"version": "10.6(1)SU2ES04"
},
{
"status": "affected",
"version": "10.6(1)SU3ES02"
},
{
"status": "affected",
"version": "10.6(1)SU3ES01"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "11.0(1)SU1ES03"
},
{
"status": "affected",
"version": "11.0(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU1ES02"
},
{
"status": "affected",
"version": "11.5(1)SU1ES01"
},
{
"status": "affected",
"version": "11.5(1)SU1ES03"
},
{
"status": "affected",
"version": "11.5(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)ES01"
},
{
"status": "affected",
"version": "12.0(1)ES03"
},
{
"status": "affected",
"version": "12.0(1)ES04"
},
{
"status": "affected",
"version": "12.0(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU01_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES03"
},
{
"status": "affected",
"version": "12.5(1)ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES01"
},
{
"status": "affected",
"version": "12.5(1)ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES01"
},
{
"status": "affected",
"version": "12.5(1)_SU02_ES04"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES02"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES03"
},
{
"status": "affected",
"version": "12.5(1)_SU03_ES04"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "11.6(1)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES06"
},
{
"status": "affected",
"version": "11.6(1)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES01"
},
{
"status": "affected",
"version": "11.6(2)ES03"
},
{
"status": "affected",
"version": "11.6(2)ES07"
},
{
"status": "affected",
"version": "11.6(2)ES08"
},
{
"status": "affected",
"version": "11.6(2)ES02"
},
{
"status": "affected",
"version": "11.6(2)ES05"
},
{
"status": "affected",
"version": "11.6(2)ES04"
}
]
},
{
"product": "Cisco Unified Communications Manager IM and Presence Service",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2a)"
},
{
"status": "affected",
"version": "10.5(2b)"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(1)SU3"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU5a"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)SU1"
},
{
"status": "affected",
"version": "12.5(1)SU2"
},
{
"status": "affected",
"version": "12.5(1)SU3"
},
{
"status": "affected",
"version": "12.5(1)SU4"
},
{
"status": "affected",
"version": "12.5(1)SU5"
},
{
"status": "affected",
"version": "12.5(1)SU6"
},
{
"status": "affected",
"version": "12.5(1)SU7"
},
{
"status": "affected",
"version": "14"
},
{
"status": "affected",
"version": "14SU1"
},
{
"status": "affected",
"version": "14SU2"
},
{
"status": "affected",
"version": "14SU2a"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
},
{
"status": "affected",
"version": "10.0(1)SU2"
}
]
},
{
"product": "Cisco Virtualized Voice Browser",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)ES29"
},
{
"status": "affected",
"version": "11.5(1)ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES54"
},
{
"status": "affected",
"version": "11.5(1)_ES27"
},
{
"status": "affected",
"version": "11.5(1)ES36"
},
{
"status": "affected",
"version": "11.5(1)_ES32"
},
{
"status": "affected",
"version": "11.5(1)_ES29"
},
{
"status": "affected",
"version": "11.5(1)_ES36"
},
{
"status": "affected",
"version": "11.5(1)ES43"
},
{
"status": "affected",
"version": "11.5(1)_ES53"
},
{
"status": "affected",
"version": "11.5(1)ES27"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(1)_ES82"
},
{
"status": "affected",
"version": "11.6(1)_ES22"
},
{
"status": "affected",
"version": "11.6(1)_ES81"
},
{
"status": "affected",
"version": "11.6(1)_ES87"
},
{
"status": "affected",
"version": "11.6(1)_ES84"
},
{
"status": "affected",
"version": "11.6(1)_ES85"
},
{
"status": "affected",
"version": "11.6(1)_ES83"
},
{
"status": "affected",
"version": "11.6(1)_ES80"
},
{
"status": "affected",
"version": "11.6(1)_ES86"
},
{
"status": "affected",
"version": "11.6(1)_ES88"
},
{
"status": "affected",
"version": "12.5(1)_ES04"
},
{
"status": "affected",
"version": "12.5(1)_ES07"
},
{
"status": "affected",
"version": "12.5(1)_ES02"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(1)_ES08"
},
{
"status": "affected",
"version": "12.5(1)_ES03"
},
{
"status": "affected",
"version": "12.5(1)_ES06"
},
{
"status": "affected",
"version": "12.5(1)_ES09"
},
{
"status": "affected",
"version": "12.5(1)_ES14"
},
{
"status": "affected",
"version": "12.5(1)SU"
},
{
"status": "affected",
"version": "12.5(1)_ES15"
},
{
"status": "affected",
"version": "12.5(1)_SU"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES01"
},
{
"status": "affected",
"version": "12.5(1)_ES11"
},
{
"status": "affected",
"version": "12.5(1)_ES12"
},
{
"status": "affected",
"version": "12.5(2)_ET"
},
{
"status": "affected",
"version": "12.5(1)_SU_ES02"
},
{
"status": "affected",
"version": "12.5(1)_ES10"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)_ES02"
},
{
"status": "affected",
"version": "12.0(1)_ES01"
},
{
"status": "affected",
"version": "12.0(1)_ES06"
},
{
"status": "affected",
"version": "12.0(1)_ES07"
},
{
"status": "affected",
"version": "12.0(1)_ES05"
},
{
"status": "affected",
"version": "12.0(1)_ES04"
},
{
"status": "affected",
"version": "12.0(1)_ES03"
},
{
"status": "affected",
"version": "12.0(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(1)_ES04"
},
{
"status": "affected",
"version": "12.6(1)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES09"
},
{
"status": "affected",
"version": "12.6(1)_ES06"
},
{
"status": "affected",
"version": "12.6(1)_ES08"
},
{
"status": "affected",
"version": "12.6(1)_ES05"
},
{
"status": "affected",
"version": "12.6(2)_ES03"
},
{
"status": "affected",
"version": "12.6(1)_ES02"
},
{
"status": "affected",
"version": "12.6(1)_ES01"
},
{
"status": "affected",
"version": "12.6(2)"
},
{
"status": "affected",
"version": "12.6(2)_ET01"
},
{
"status": "affected",
"version": "12.6(2)_ES02"
},
{
"status": "affected",
"version": "12.6(2)_ES01"
},
{
"status": "affected",
"version": "12.6(1)_ES07"
}
]
},
{
"product": "Cisco Packaged Contact Center Enterprise",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(1)_ES7"
},
{
"status": "affected",
"version": "10.5(2)_ES8"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.6(1)"
},
{
"status": "affected",
"version": "11.6(2)"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "12.5(2)"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "12.6(2)"
}
]
},
{
"product": "Cisco Unified Communications Manager / Cisco Unity Connection",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "10.5(2)SU10"
},
{
"status": "affected",
"version": "10.5(1)"
},
{
"status": "affected",
"version": "10.5(1)SU1"
},
{
"status": "affected",
"version": "10.5(1)SU1a"
},
{
"status": "affected",
"version": "10.5(2)"
},
{
"status": "affected",
"version": "10.5(2)SU1"
},
{
"status": "affected",
"version": "10.5(2)SU2"
},
{
"status": "affected",
"version": "10.5(2)SU3"
},
{
"status": "affected",
"version": "10.5(2)SU4"
},
{
"status": "affected",
"version": "10.5(2)SU5"
},
{
"status": "affected",
"version": "10.5(2)SU6"
},
{
"status": "affected",
"version": "10.5(2)SU7"
},
{
"status": "affected",
"version": "10.5(2)SU8"
},
{
"status": "affected",
"version": "10.5(2)SU9"
},
{
"status": "affected",
"version": "10.5(2)SU2a"
},
{
"status": "affected",
"version": "10.5(2)SU3a"
},
{
"status": "affected",
"version": "10.5(2)SU4a"
},
{
"status": "affected",
"version": "10.5(2)SU6a"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "11.0(1a)"
},
{
"status": "affected",
"version": "11.0(1a)SU1"
},
{
"status": "affected",
"version": "11.0(1a)SU2"
},
{
"status": "affected",
"version": "11.0(1a)SU3"
},
{
"status": "affected",
"version": "11.0(1a)SU3a"
},
{
"status": "affected",
"version": "11.0(1a)SU4"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.0.5"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "11.5(1)SU1"
},
{
"status": "affected",
"version": "11.5(1)SU2"
},
{
"status": "affected",
"version": "11.5(1)SU3"
},
{
"status": "affected",
"version": "11.5(1)SU3a"
},
{
"status": "affected",
"version": "11.5(1)SU3b"
},
{
"status": "affected",
"version": "11.5(1)SU4"
},
{
"status": "affected",
"version": "11.5(1)SU5"
},
{
"status": "affected",
"version": "11.5(1)SU6"
},
{
"status": "affected",
"version": "11.5(1)SU7"
},
{
"status": "affected",
"version": "11.5(1)SU8"
},
{
"status": "affected",
"version": "11.5(1)SU9"
},
{
"status": "affected",
"version": "11.5(1)SU10"
},
{
"status": "affected",
"version": "11.5(1)SU11"
},
{
"status": "affected",
"version": "10.0(1)SU2"
},
{
"status": "affected",
"version": "10.0(1)"
},
{
"status": "affected",
"version": "10.0(1)SU1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-02T15:42:33.881Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-cucm-rce-bWNzQcUm",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm"
}
],
"source": {
"advisory": "cisco-sa-cucm-rce-bWNzQcUm",
"defects": [
"CSCwe18830",
"CSCwe18773",
"CSCwe18840",
"CSCwd64292",
"CSCwd64245",
"CSCwd64276"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20253",
"datePublished": "2024-01-26T17:28:30.761Z",
"dateReserved": "2023-11-08T15:08:07.622Z",
"dateUpdated": "2025-05-29T15:12:21.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-20253",
"date": "2026-05-29",
"epss": "0.03027",
"percentile": "0.86875"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*\", \"versionEndExcluding\": \"12.5\\\\(1\\\\)su8\", \"matchCriteriaId\": \"FB3C1282-5EC8-4E46-ADD9-898449D96A22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14su3\", \"matchCriteriaId\": \"312C8052-DA09-4B61-9E90-E9EEE265A4BC\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*\", \"versionEndExcluding\": \"12.5\\\\(1\\\\)su8\", \"matchCriteriaId\": \"EA4F43B2-1C73-415B-84BF-26D0322FA2C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14su3\", \"matchCriteriaId\": \"C64C5167-7428-4F9E-B1E9-CAD3236B64AD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.5\\\\(1\\\\)su8\", \"matchCriteriaId\": \"DFF9029D-553F-43FD-8F37-86B11A17EC91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.0su3\", \"matchCriteriaId\": \"D09B9BD3-3C31-4816-AD4C-043543C56DB5\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.5\\\\(1\\\\)su8\", \"matchCriteriaId\": \"E2BC7834-136A-4117-BEDC-0C96EC59227B\"}, {\"vulnerable\": 
true, \"criteria\": \"cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14su3\", \"matchCriteriaId\": \"06851CA9-B778-4471-BB1D-A2237B225A4C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\):-:*:*:*:*:*:*\", \"matchCriteriaId\": \"66E25EE4-AB7B-42BF-A703-0C2E83E83577\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:virtualized_voice_browser:12.5\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3164D29F-4726-4438-9F31-8644B1C2F0E7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A2BE523-1AAF-4AB5-ACA3-A1E194590B09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A7B033E-5B7F-4C11-9C6C-CA4363770A7A\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en m\\u00faltiples productos Cisco Unified Communications y Contact Center Solutions podr\\u00eda permitir que un atacante remoto no autenticado ejecute c\\u00f3digo arbitrario en un dispositivo afectado. Esta vulnerabilidad se debe al procesamiento inadecuado de los datos proporcionados por el usuario que se leen en la memoria. Un atacante podr\\u00eda aprovechar esta vulnerabilidad enviando un mensaje manipulado a un puerto de escucha de un dispositivo afectado. Una explotaci\\u00f3n exitosa podr\\u00eda permitir al atacante ejecutar comandos arbitrarios en el sistema operativo subyacente con los privilegios del usuario de servicios web. Con acceso al sistema operativo subyacente, el atacante tambi\\u00e9n podr\\u00eda establecer acceso root en el dispositivo afectado.\"}]",
"id": "CVE-2024-20253",
"lastModified": "2024-11-21T08:52:06.980",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.3}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 10.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 6.0}]}",
"published": "2024-01-26T18:15:10.970",
"references": "[{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
}
}
}
teriaId\":\"312C8052-DA09-4B61-9E90-E9EEE265A4BC\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*\",\"versionEndExcluding\":\"12.5\\\\(1\\\\)su8\",\"matchCriteriaId\":\"EA4F43B2-1C73-415B-84BF-26D0322FA2C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14su3\",\"matchCriteriaId\":\"C64C5167-7428-4F9E-B1E9-CAD3236B64AD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5\\\\(1\\\\)su8\",\"matchCriteriaId\":\"DFF9029D-553F-43FD-8F37-86B11A17EC91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.0su3\",\"matchCriteriaId\":\"D09B9BD3-3C31-4816-AD4C-043543C56DB5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5\\\\(1\\\\)su8\",\"matchCriteriaId\":\"E2BC7834-136A-4117-BEDC-0C96EC59227B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14su3\",\"matchCriteriaId\":\"06851CA9-B778-4471-BB1D-A2237B225A4C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:12.5\\\\(1\\\\):-:*:*:*:*:*:*\",\"matchCriteriaId\":\"66E25EE4-AB7B-42BF-A703-0C2E83E83577\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cis
co:virtualized_voice_browser:12.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3164D29F-4726-4438-9F31-8644B1C2F0E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A2BE523-1AAF-4AB5-ACA3-A1E194590B09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A7B033E-5B7F-4C11-9C6C-CA4363770A7A\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\", \"name\": \"cisco-sa-cucm-rce-bWNzQcUm\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:52:31.560Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20253\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-08T15:42:43.844502Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502 Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-08T15:42:45.358Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwe18830\", \"CSCwe18773\", \"CSCwe18840\", \"CSCwd64292\", \"CSCwd64245\", \"CSCwd64276\"], \"advisory\": \"cisco-sa-cucm-rce-bWNzQcUm\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Contact Center Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"N/A\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unity Connection\", 
\"versions\": [{\"status\": \"affected\", \"version\": \"12.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU4\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU5\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"14\"}, {\"status\": \"affected\", \"version\": \"14SU1\"}, {\"status\": \"affected\", \"version\": \"14SU2\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Communications Manager\", \"versions\": [{\"status\": \"affected\", \"version\": \"12.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU4\"}, {\"status\": \"affected\", \"version\": \"12.0(1)SU5\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU7a\"}, {\"status\": \"affected\", \"version\": \"14\"}, {\"status\": \"affected\", \"version\": \"14SU1\"}, {\"status\": \"affected\", \"version\": \"14SU2\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco 
Unified Contact Center Express\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.5(1)\"}, {\"status\": \"affected\", \"version\": \"9.0(2)SU3ES04\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1ES04\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1ES10\"}, {\"status\": \"affected\", \"version\": \"10.6(1)\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES03\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU2ES04\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES02\"}, {\"status\": \"affected\", \"version\": \"10.6(1)SU3ES01\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES02\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES01\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1ES03\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES03\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES04\"}, {\"status\": \"affected\", \"version\": \"12.0(1)ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES03\"}, {\"status\": \"affected\", 
\"version\": \"12.5(1)ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU01_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU02_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES03\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU03_ES04\"}, {\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(2)\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES06\"}, {\"status\": \"affected\", \"version\": \"11.6(1)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES01\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES03\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES07\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES08\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES02\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES05\"}, {\"status\": \"affected\", \"version\": \"11.6(2)ES04\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Communications Manager IM and Presence Service\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(2)\"}, {\"status\": \"affected\", \"version\": \"10.5(2a)\"}, {\"status\": \"affected\", \"version\": \"10.5(2b)\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU3\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU2a\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU4a\"}, {\"status\": 
\"affected\", \"version\": \"10.5(2)SU4\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU2\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3a\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU5a\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU8\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU9\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU10\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU11\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"14\"}, {\"status\": \"affected\", \"version\": \"14SU1\"}, {\"status\": \"affected\", \"version\": \"14SU2\"}, {\"status\": \"affected\", \"version\": \"14SU2a\"}, {\"status\": \"affected\", \"version\": \"10.0(1)\"}, {\"status\": \"affected\", \"version\": 
\"10.0(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU2\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Virtualized Voice Browser\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES29\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES32\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES43\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES54\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES27\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES36\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES32\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES29\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES36\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES43\"}, {\"status\": \"affected\", \"version\": \"11.5(1)_ES53\"}, {\"status\": \"affected\", \"version\": \"11.5(1)ES27\"}, {\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES82\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES22\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES81\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES87\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES84\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES85\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES83\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES80\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES86\"}, {\"status\": \"affected\", \"version\": \"11.6(1)_ES88\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES04\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES07\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES08\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES03\"}, {\"status\": \"affected\", 
\"version\": \"12.5(1)_ES06\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES09\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES14\"}, {\"status\": \"affected\", \"version\": \"12.5(1)SU\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES15\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU_ES01\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES11\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES12\"}, {\"status\": \"affected\", \"version\": \"12.5(2)_ET\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_SU_ES02\"}, {\"status\": \"affected\", \"version\": \"12.5(1)_ES10\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES02\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES01\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES06\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES07\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES05\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES04\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES03\"}, {\"status\": \"affected\", \"version\": \"12.0(1)_ES08\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES04\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES03\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES09\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES06\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES08\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES05\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_ES03\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES02\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES01\"}, {\"status\": \"affected\", \"version\": \"12.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_ET01\"}, {\"status\": \"affected\", \"version\": \"12.6(2)_ES02\"}, {\"status\": \"affected\", 
\"version\": \"12.6(2)_ES01\"}, {\"status\": \"affected\", \"version\": \"12.6(1)_ES07\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Packaged Contact Center Enterprise\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(2)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)_ES7\"}, {\"status\": \"affected\", \"version\": \"10.5(2)_ES8\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(2)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(1)\"}, {\"status\": \"affected\", \"version\": \"11.6(2)\"}, {\"status\": \"affected\", \"version\": \"12.0(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(1)\"}, {\"status\": \"affected\", \"version\": \"12.5(2)\"}, {\"status\": \"affected\", \"version\": \"12.6(1)\"}, {\"status\": \"affected\", \"version\": \"12.6(2)\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco Unified Communications Manager / Cisco Unity Connection\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.5(2)SU10\"}, {\"status\": \"affected\", \"version\": \"10.5(1)\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(1)SU1a\"}, {\"status\": \"affected\", \"version\": \"10.5(2)\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU1\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU2\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU3\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU4\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU5\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU6\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU7\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU8\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU9\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU2a\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU3a\"}, {\"status\": 
\"affected\", \"version\": \"10.5(2)SU4a\"}, {\"status\": \"affected\", \"version\": \"10.5(2)SU6a\"}, {\"status\": \"affected\", \"version\": \"11.0(1)\"}, {\"status\": \"affected\", \"version\": \"11.0(1a)\"}, {\"status\": \"affected\", \"version\": \"11.0(1a)SU1\"}, {\"status\": \"affected\", \"version\": \"11.0(1a)SU2\"}, {\"status\": \"affected\", \"version\": \"11.0(1a)SU3\"}, {\"status\": \"affected\", \"version\": \"11.0(1a)SU3a\"}, {\"status\": \"affected\", \"version\": \"11.0(1a)SU4\"}, {\"status\": \"affected\", \"version\": \"11.0.1\"}, {\"status\": \"affected\", \"version\": \"11.0.2\"}, {\"status\": \"affected\", \"version\": \"11.0.5\"}, {\"status\": \"affected\", \"version\": \"11.5(1)\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU1\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU2\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3a\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU3b\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU4\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU5\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU6\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU7\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU8\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU9\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU10\"}, {\"status\": \"affected\", \"version\": \"11.5(1)SU11\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU2\"}, {\"status\": \"affected\", \"version\": \"10.0(1)\"}, {\"status\": \"affected\", \"version\": \"10.0(1)SU1\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm\", \"name\": \"cisco-sa-cucm-rce-bWNzQcUm\"}], 
\"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-502\", \"description\": \"Deserialization of Untrusted Data\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-02-02T15:42:33.881Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-20253\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-29T15:12:21.257Z\", \"dateReserved\": \"2023-11-08T15:08:07.622Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-01-26T17:28:30.761Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.