Major vulnerability found in Cisco software could allow remote attacker to launch malware

Critical severity flaw found in multiple Cisco products

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cisco has reported a critical vulnerability in some of its most widely-used software, and has urged users to patch their endpoints immediately.

In asecurity advisory, Cisco said it addressed an improper processing of user-provided data read into memory flaw in multiple Unified Communications Manager (UCM) programs, and Contact Center Solutions products.

The flaw is tracked as CVE-2024-20253, carrying a severity score of 9.9/10.

Severe Cisco flaws

The flaw, first discovered by security researcher Julien Egloff of Synactktiv, allows threat actors to wreak havoc on the vulnerable devices. Apparently, they would be able to send a custom message to a listening port, which would grant them the ability to launch arbitrary commands and thus establish root access viamalware.

The software is generally used by enterprises for voice, video, and messaging services, as well as for customer engagement and customer management.

Here is the full list of vulnerable products and their versions:

There is no workaround for the vulnerability, Cisco warned, so the only way to remain secure is to apply the patch. Here is a list of the software versions that are no longer vulnerable:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

So far, there has been no evidence of abuse, Cisco concluded.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

Don’t wait until Black Friday, this year’s best Nintendo Switch bundles are on sale now