Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

Cisco Patches Critical Vulnerability in Enterprise Collaboration Products

January 25, 2024 at 11:48AM

Cisco announced security updates to address a critical-severity vulnerability (CVE-2024-20253, CVSS 9.9) affecting multiple Unified Communications and Contact Center Solutions products. The flaw could allow attackers to execute arbitrary commands with system privileges. Cisco advises immediate patching and mitigation using access control lists. Medium-severity flaws in Business 250/350 series switches and Unity Connection were also patched.

The meeting notes highlight several important updates from Cisco:

1. Cisco has announced patches for a critical-severity vulnerability (CVE-2024-20253) in multiple Unified Communications and Contact Center Solutions products. The vulnerability allows an attacker to execute arbitrary commands on the underlying operating system of affected devices. The flaw impacts several products, and Cisco recommends all customers to update to the patched version as soon as possible. The company also suggests implementing access control lists (ACLs) on intermediary devices to mitigate the bug.

2. Cisco has also released patches for two medium-severity flaws in Business 250 and Business 350 series switches, as well as in Unity Connection. The flaws include an access control list (ACL) management security defect in the switches and a cross-site scripting (XSS) bug in the web-based management interface of Unity Connection. Cisco notes that it is not aware of any of these vulnerabilities being exploited in malicious attacks.

Additionally, it’s worth noting that more detailed information on these vulnerabilities can be found on Cisco’s security advisories page.

Full Article