Cisco Releases Update to Fix Critical Vulnerability in Unified Communications and Contact Center Products
Cisco has issued a security update to address a critical vulnerability affecting its products of Unified Communications and Contact Center. The vulnerability, known as Ultrasound Visitability, could potentially allow an unauthorized remote attacker to execute arbitrary code on the targeted device. This security issue has been assigned the identifier CVE-2024-20253 with a CVSS score of 9.9.
The vulnerability arises from the improper handling of user-provided data by the affected products. Exploiting this weakness, an attacker can send a specially crafted message to the listening port of the vulnerable device, thereby gaining the ability to run arbitrary commands within the device’s operating system. Moreover, successful exploitation of the vulnerability allows the attacker to obtain ROOT user access, granting them full control over the device’s functions, files, and system settings.
While ROOT user access may offer increased flexibility and control for experienced users and developers, it also carries significant risks. Misconfigured changes or the installation of malicious software can potentially damage the device or compromise its security.
Cisco advises all users of the affected Unified Communications and Contact Center products to install the security update immediately, as it eliminates the vulnerability and ensures the protection of their systems.
For more information on the security update, please visit the official Cisco Security Advisory.