"Cisco Warns of Critical RCE Flaw in Communications Software"

Cisco warns that several of its Unified Communications Manager (CM) and Contact Center Solutions products are impacted by a critical Remote Code Execution (RCE) flaw. The vulnerability, tracked as CVE-2024-20253, could allow an unauthenticated, remote attacker to execute arbitrary code on an impacted device. Synacktiv researcher Julien Egloff discovered the vulnerability, which received a severity score of 9.9. It stems from improper processing of user-provided data read into memory. Exploiting it involves sending a specially crafted message to a listening port. This article continues to discuss the vulnerability of Cisco's Unified CM and Contact Center Solutions products to a critical severity RCE security issue.

Bleeping Computer reports "Cisco Warns of Critical RCE Flaw in Communications Software"

Submitted by grigby1