Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

January 26, 2024 at 12:57AM

Cisco has released patches for a critical security flaw (CVE-2024-20253) in its Unified Communications and Contact Center Solutions products that allows an attacker to execute arbitrary code. The flaw impacts various products, including Unified Communications Manager and Unity Connection. Users are advised to set up access control lists while awaiting updates. Cisco recently fixed another critical security flaw in Unity Connection (CVE-2024-20272).

Key takeaways:

1. Cisco has released patches to address a critical security flaw (CVE-2024-20253) impacting various Unified Communications and Contact Center Solutions products, allowing unauthenticated, remote attackers to execute arbitrary code on affected devices.

2. The impacted products include Unified Communications Manager, Unified Communications Manager IM & Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser.

3. Security researcher Julien Egloff is credited with discovering and reporting the security flaw.

4. Cisco is urging users to apply the updates immediately and, where updates cannot be applied immediately, to set up access control lists that limit access to the ports of deployed services.

5. There are no workarounds available to address the security flaw.

6. This disclosure comes after Cisco recently shipped fixes for another critical security flaw impacting Unity Connection (CVE-2024-20272).
