Security Advisory 2024-015

Release Date:

Remote Code Execution Vulnerability in Cisco Products



  • 29/01/2024 --- v1.0 -- Initial publication


On January 24, 2024, Cisco disclosed a critical vulnerability in multiple the Unified Communications and Contact Center Solutions products [1]. This vulnerability, tracked as CVE-2024-20253 with a CVSS score of 9.9, could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Currently, Cisco has no evidence of public proof of concept exploits for this vulnerability or active exploitation in the wild.

Technical Details

This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploitation could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

Affected Products

This vulnerability affects the following Cisco products in the default configuration [2]:

  • Unified Communications Manager (Unified CM), versions 11.5, 12.5(1), and 14.
  • Unified Communications Manager IM & Presence Service (Unified CM IM&P), versions 11.5(1), 12.5(1), and 14.
  • Unified Communications Manager Session Management Edition (Unified CM SME), versions 11.5, 12.5(1), and 14.
  • Unified Contact Center Express (UCCX), versions 12.0 and earlier and 12.5(1).
  • Unity Connection, versions 11.5(1), 12.5(1), and 14.
  • Virtualized Voice Browser (VVB), versions 12.0 and earlier, 12.5(1), and 12.5(2).


CERT-EU recommends updating to the latest version of the affected product as soon as possible to mitigate this vulnerability [2].




We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.