
Cisco confirms attackers exploiting Unified CM flaw

Summary

– Cisco confirmed attackers are exploiting a Unified Communications Manager vulnerability patched in early June.
– The vulnerability allows attackers to execute arbitrary code or cause a denial of service.
– Cisco has released software updates to address the flaw and recommends immediate patching.
– No workarounds are available for the vulnerability.
– The exploitation targets systems that have not yet applied the security update.

Cisco has officially acknowledged that threat actors are actively targeting a Unified Communications Manager (Unified CM) security flaw, for which a patch was released in early June. The company updated its advisory to reflect that proof-of-concept exploit code is publicly available, with real-world exploitation now confirmed.

The vulnerability, tracked as CVE-2024-20253, carries a CVSS severity score of 6.6 and allows an unauthenticated attacker to trigger a remote denial-of-service (DoS) condition on affected devices. By sending a specially crafted request to the device’s web management interface, an attacker can cause the Unified CM cluster to fail, disrupting voice and video communications across the enterprise.

Cisco’s advisory notes that the flaw impacts all versions of Unified Communications Manager and Unified Communications Manager Session Management Edition that have not applied the available software updates. The company strongly urges administrators to immediately upgrade to the fixed software releases listed in the advisory, as no workarounds are available.
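Because the advisory says every release without the update is affected and offers no workaround, the practical first step is to compare each Unified CM node's running release against the first fixed release of its train. The script below is an added example and is not part of the article or of any Cisco tooling: it parses Unified CM version strings of the form `12.5(1)SU7` / `14SU3` / `15` into comparable tuples and triages a constructed inventory. The fixed-release thresholds in `FIXED_RELEASES` are placeholders and must be replaced with the releases listed in Cisco's advisory for CVE-2024-20253; anything the script cannot classify is reported as "review" rather than assumed safe.

```python
import re
from typing import NamedTuple

# Added example (not from the article or Cisco): triage an inventory of
# Unified CM nodes against the first fixed release of each release train.
# The thresholds in FIXED_RELEASES are PLACEHOLDERS; take the real fixed
# releases from Cisco's advisory for CVE-2024-20253 before relying on this.


class CucmVersion(NamedTuple):
    major: int
    minor: int
    maint: int
    su: int  # Service Update number; 0 when the string carries none


# Accepts '12.5(1)SU7', '14SU3', '15SU2', '15' (whitespace ignored).
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)"
    r"(?:\.(?P<minor>\d+))?"
    r"(?:\((?P<maint>\d+)\))?"
    r"(?:SU(?P<su>\d+))?$",
    re.IGNORECASE,
)


def parse_version(text: str) -> CucmVersion:
    """Parse a Unified CM release string into a tuple that compares in release order."""
    m = _VERSION_RE.match(text.strip().replace(" ", ""))
    if not m:
        raise ValueError(f"unrecognised Unified CM version: {text!r}")
    return CucmVersion(
        int(m["major"]),
        int(m["minor"] or 0),
        int(m["maint"] or 0),
        int(m["su"] or 0),
    )


# PLACEHOLDER thresholds keyed by major release train (constructed values).
FIXED_RELEASES = {
    12: parse_version("12.5(1)SU9"),
    14: parse_version("14SU4"),
    15: parse_version("15SU2"),
}


def assess(version_text: str, fixed=FIXED_RELEASES) -> str:
    """Return 'fixed', 'vulnerable' or 'review' for one running release."""
    v = parse_version(version_text)
    first_fixed = fixed.get(v.major)
    if first_fixed is None:
        # The advisory treats every release without the update as affected,
        # so a train with no threshold on file still needs a human look.
        return "review"
    return "fixed" if v >= first_fixed else "vulnerable"


def triage(inventory):
    """inventory: iterable of (hostname, version string).

    Returns a list of (hostname, status) with vulnerable nodes first, then
    nodes needing review, then fixed nodes; ties are ordered by hostname.
    """
    order = {"vulnerable": 0, "review": 1, "fixed": 2}
    results = []
    for host, ver in inventory:
        try:
            status = assess(ver)
        except ValueError:
            status = "review"  # unparsable version string: never silently pass
        results.append((host, status))
    return sorted(results, key=lambda r: (order[r[1]], r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("cucm-pub-01", "14SU3"),
    ("cucm-sub-02", "14SU4"),
    ("cucm-sme-01", "12.5(1)SU8"),
    ("cucm-lab-01", "11.5(1)SU10"),
    ("cucm-bad-01", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {status}")
```

The inventory would normally come from an asset database or from each node's `show version` output; the point of the tuple comparison is that `14SU10` sorts after `14SU9`, which a plain string comparison gets wrong.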

This development underscores the importance of timely patch management for critical infrastructure. Organizations still running unpatched versions are at significant risk of service outages. Cisco has not disclosed the identity of the attackers or the specific industries targeted, but the confirmation of active exploitation means that immediate action is required for any organization using the affected software.

(Source: BleepingComputer)
