Summary
On January 24, Cisco released a security bulletin and disclosed CVE-2024-20253 to the public. This new vulnerability affects the Cisco Unified Communications Suite. Although there is no public news of exploits in the wild, Cisco has released a patch and mitigation instructions. Cerium advises patching your on-premises Cisco UC appliances and applications as soon as possible. We stand ready to assist with any of our clients.
Details
On January 24, Cisco published a security advisory on six products in the Unified Communications suite:
- Unified Communications Manager
- Unified Communications Manager IM & Presence Service
- Unified Communications Manager Session Manager
- Unified Communications Express
- Unity Connection
- Virtualized Voice Browser
The vulnerability reported when exploited, allows an attacker to run commands remotely on the Cisco device with the same privilege as the web services running on the server. An attacker can exploit any open port, which risks internet-exposed servers. (Cisco Security Advisory, 2024)
According to AttackerKB, there are no reported exploits for this CVE in the wild. (AttackerKB.com, 2024) However, this may unexpectedly change. In cybersecurity, we call the time between discovering a vulnerability and exploiting that bug the weaponization phase. In recent years, this weaponization phase has shortened to an average of seven days. (Mean Time to Hardening: The Next-Gen Security Metric, 2019)
Next Steps
Cisco has issued a patch for these products; we advise anyone using them to update their UCM products as soon as possible. We will contact you for Cerium clients using Cisco UCM and with service contracts and schedule a time to patch your UCM devices. Please get in touch with us if you have questions about migrating from on-prem to Cisco’s newer cloud-based offerings.
If you are unsure if this report affects you, Cerium now offers MDR and Vulnerability Management services as part of our Cerium Select Cybersecurity package. We can quickly deploy sensors into your environment and assess your cyber risk. Don’t hesitate to get in touch with us to learn more.