Important information: Users of Cisco products should check their environment for vulnerabilities

Users of several Cisco unified communications products should check whether their environments are affected by critical vulnerabilities.

The main vulnerability is a remote code execution (RCE) flaw tracked as CVE-2024-20253. It affects the default configuration of products including Packaged Contact Center Enterprise, Unified Communications Manager, Unified Communications Manager IM and Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Enterprise, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser.

The vulnerability was reported by Julien Egloff of Synacktiv and lies in the processing of user-supplied data that is read into the system’s memory. An attacker could exploit it by sending manipulated messages to a listening port on an affected device.

Successful exploitation would allow arbitrary commands to be executed on the underlying operating system with the privileges of the network service account. With access to the operating system, the attacker could also obtain administrative access to the device.

Cisco’s advisory mentions only one possible mitigation: using Access Control Lists (ACLs) to separate the unified communications or contact center clusters from users and the rest of the network, so that only the ports required by the deployed services remain reachable.

The same Cisco advisory also includes a patch for a vulnerability tracked as CVE-2022-20716, which affects the company’s SD-WAN software. This is an access control vulnerability that allows a local attacker to escalate privileges to the root account. It affects software such as the vBond orchestrator, SD-WAN vEdge routers (including cloud routers), vManage software, and vSmart controller software.

FAQ:

1. Which Cisco products are vulnerable to the critical remote code execution (RCE) vulnerability?
The affected products are Packaged Contact Center Enterprise, Unified Communications Manager, Unified Communications Manager IM and Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Enterprise, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser.

2. Who discovered this vulnerability?
The vulnerability was reported by Synacktiv, specifically by Julien Egloff.

3. How does this vulnerability work?
The vulnerability lies in the processing of user-supplied data that is read into the system’s memory. An attacker could exploit it by sending manipulated messages to a listening port on an affected device.

4. What are the potential consequences of exploiting this vulnerability?
Successful exploitation would allow an attacker to execute arbitrary commands on the operating system with the privileges of the network service account. The attacker could also gain administrative access to the device.

5. Has Cisco provided any recommendations for mitigating the vulnerabilities?
Yes. In its advisory, Cisco recommends using Access Control Lists (ACLs) to separate the unified communications or contact center clusters from users and the rest of the network, restricting access to only the ports required by the deployed services.
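
The ACL mitigation described in the article body and in this answer, shown as an added configuration example that is not taken from Cisco’s advisory or from the original article. The addresses, VLAN numbers and the service port placeholder are assumptions; the actual port list comes from Cisco’s port-usage documentation for each deployed product.

```text
! Added example (Cisco IOS-style syntax); addresses, VLANs and ports are assumed.
! Assumed layout:
!   UC / contact center cluster : 10.10.20.0/24 (Vlan20)
!   User endpoints              : 10.10.30.0/24 (Vlan30)
!   Management hosts            : 10.10.99.0/24
!
! --- Weak: the whole cluster is reachable on every port from the user segment ---
ip access-list extended UC-CLUSTER-IN-WEAK
 permit ip 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255
!
! --- Hardened: only the ports the deployed services use are reachable ---
ip access-list extended UC-CLUSTER-IN
 remark Management hosts may reach the admin web interface and SSH
 permit tcp 10.10.99.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 443
 permit tcp 10.10.99.0 0.0.0.255 10.10.20.0 0.0.0.255 eq 22
 remark Endpoints get only the ports listed for the deployed services
 remark <SERVICE-PORT> is a placeholder; add one line per documented port
 permit tcp 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255 eq <SERVICE-PORT>
 permit udp 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255 eq <SERVICE-PORT>
 remark Everything else destined for the cluster is dropped and logged
 deny   ip any 10.10.20.0 0.0.0.255 log
 remark Traffic to other destinations is unaffected by this list
 permit ip any any
!
interface Vlan30
 description User endpoint segment
 ip access-group UC-CLUSTER-IN in
```

The `deny ... log` line is what makes the filter useful to a SOC: hits on it show which hosts are attempting to reach cluster ports that the deployed services do not use. Apply the same list to every segment that should not have full access to the cluster, and treat the ACL as a way to shrink exposure while fixed software is rolled out, not as a replacement for applying Cisco’s patch.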

6. Did Cisco also disclose another vulnerability in its SD-WAN software?
Yes. The Cisco advisory also mentions a vulnerability tracked as CVE-2022-20716, which affects the SD-WAN software. It is an access control vulnerability that allows a local attacker to escalate privileges to the root account. It affects software such as the vBond orchestrator, SD-WAN vEdge routers, vManage software, and vSmart controller software.

Definitions:
– RCE (Remote Code Execution): A vulnerability that allows an attacker to execute code or commands on a remote system.
– CVE (Common Vulnerabilities and Exposures): A unique identifier assigned to a publicly known vulnerability, used so that different parties can exchange vulnerability information unambiguously.
– ACL (Access Control List): A mechanism for controlling access that specifies which actions users or processes may perform on a system, or, on network devices, which traffic is permitted to pass.

Suggested related links:
– Cisco Homepage
– Cisco Security Center

The source of the article is from the blog elektrischnederland.nl