A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
The vulnerability results from improper processing of user-supplied data during loading into memory (CWE-502 — deserialization of untrusted data). An attacker sends a specially crafted message to a listening port on the vulnerable device. Successful exploitation of the vulnerability allows execution of arbitrary commands in the context of the web service user, and subsequently gaining root access to the operating system.
An attacker can execute arbitrary commands on the device's operating system with web service user privileges, and subsequently gain full root access to the device. This exposes the system to loss of confidentiality, integrity, and availability of the entire system.
Security patches available from the manufacturer should be applied in accordance with the references (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm). Additionally, it is recommended to restrict network access to listening ports on vulnerable devices exclusively to trusted hosts using firewall or ACL rules.
Cisco Unified Communications Manager, Cisco Unified Communications Manager IM and Presence Service, Cisco Unity Connection — versions indicated in the manufacturer's references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:HCisco Unified Communications Manager
APPCisco< 12.5\(1\)su814.0 – 14su3 (bez)Cisco Unified Communications Manager Im And Presence Service
APPCisco< 12.5\(1\)su814.0 – 14.0su3 (bez)Cisco Unified Contact Center Express
APPCisco12.5\(1\)Cisco Unity Connection
APPCisco14.0 – 14su3 (bez)< 12.5\(1\)su8Cisco Virtualized Voice Browser
APPCisco12.5\(1\)12.6\(1\)12.6\(2\)
Related vulnerabilities
Cisco Unified CCX: pominięcie uwierzytelnienia w CCX Editor (RCE)
RCE z uprawnieniami root w Cisco Unified Contact Center Express (Java RMI)
Cisco Unified CM — statyczne dane logowania root umożliwiają pełne przejęcie systemu
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unifi...
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) ...