Update your Cisco products now: Critical security flaw lets hackers hijack software


Cisco issued a warning this week that some of its most widely used software contains a critical vulnerability that could let remote attackers execute arbitrary code on an affected device and wreak havoc. The company is urging users to patch their endpoints immediately.

Several of Cisco's Unified Communications Manager and Contact Center Solutions products, which provide enterprise-level voice, video and messaging services as well as customer engagement and customer management, are impacted by this flaw. The issue stems from improper processing of user-supplied data that is being read into memory, Cisco explained in a security bulletin. It can be exploited by sending a specially crafted message to one of the network communication ports opened on the device, potentially giving hackers an opening to execute malware with the privileges of the web services user.

"A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user," Cisco said. "With access to the underlying operating system, the attacker could also establish root access on the affected device."

The flaw, known as CVE-2024-20253, was first uncovered by Synacktiv security researcher Julien Egloff. It's rated 9.9 out of 10 on the CVSS severity scale. You can find a full list of vulnerable products below: 

  • Unified Communications Manager (Unified CM) (CSCwd64245)
  • Unified Communications Manager IM & Presence Service (Unified CM IM&P) (CSCwd64276)
  • Unified Communications Manager Session Management Edition (Unified CM SME) (CSCwd64245)
  • Unified Contact Center Express (UCCX) (CSCwe18773)
  • Unity Connection (CSCwd64292)
  • Virtualized Voice Browser (VVB) (CSCwe18840)

There is currently no workaround for this issue, Cisco warns, so it recommends that users apply the available security updates as soon as possible. If applying the updates is not immediately possible, the company advises administrators to set up access control lists on intermediary devices connected to Cisco networks as a mitigation strategy.

"Establish access control lists (ACLs) on intermediary devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions cluster from users and the rest of the network to allow access only to the ports of deployed services," the company said.

So far, there's been no evidence found of hackers exploiting or publicizing this vulnerability, Cisco concluded. 
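The ACL mitigation Cisco describes above can be checked mechanically. The following is an added example, not code from Cisco's advisory or from this article: it parses IOS-style extended ACL entries and flags any permit that reaches the cluster on a port outside the deployed services. The cluster subnet, port list and ACL lines are constructed sample values; entries are assumed to use numeric ports and contiguous wildcard masks, and each permit is judged on its own rather than in first-match order.

```python
import ipaddress

# Constructed sample values (assumptions; none come from Cisco's advisory).
CLUSTER = ipaddress.ip_network("10.20.30.0/24")          # hypothetical cluster subnet
DEPLOYED = {("tcp", 5061), ("tcp", 8443), ("udp", 69)}   # hypothetical deployed services
SAMPLE_ACL = """\
permit tcp any 10.20.30.0 0.0.0.255 eq 8443
permit tcp any 10.20.30.0 0.0.0.255 range 5060 5061
permit udp any host 10.20.30.5 eq 69
permit ip 192.0.2.0 0.0.0.255 10.20.30.0 0.0.0.255
permit tcp any 10.99.0.0 0.0.255.255 eq 22
deny ip any any
"""

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' (contiguous); None means any."""
    first = tok.pop(0)
    if first == "any":
        return None
    wild = "0.0.0.0" if first == "host" else tok.pop(0)
    addr = tok.pop(0) if first == "host" else first
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wild)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def _ports(tok):
    """Consume an optional numeric 'eq N' or 'range A B'; default is every port."""
    n = {"eq": 1, "range": 2}.get(tok[0] if tok else "", 0)
    if n == 0:
        return 0, 65535
    nums = [int(x) for x in tok[1:n + 1]]
    del tok[:n + 1]
    return nums[0], nums[-1]

def audit(acl_text, cluster=CLUSTER, deployed=DEPLOYED):
    """Return (rule, reason) for permits reaching cluster ports that are not deployed."""
    findings = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "permit":
            continue
        proto, rest = tok[1], tok[2:]
        _src, _sport = _addr(rest), _ports(rest)   # source side is parsed, not evaluated
        dst, (lo, hi) = _addr(rest), _ports(rest)
        reaches = dst is None or dst.overlaps(cluster)
        extra = [p for p in range(lo, hi + 1) if (proto, p) not in deployed]
        if reaches and proto == "ip":
            findings.append((line, "permits every protocol and port"))
        elif reaches and proto in ("tcp", "udp") and extra:
            findings.append((line, f"{len(extra)} {proto} port(s) not deployed, e.g. {extra[0]}"))
    return findings
```

Calling `audit(SAMPLE_ACL)` reports the `range 5060 5061` rule and the `permit ip` rule; the other entries either match deployed ports or never reach the cluster subnet.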


Alyse Stanley
News Editor
