- Description
- A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
- Products
- unified_communications_manager, unified_communications_manager_im_and_presence_service, unity_connection, unified_contact_center_express, virtualized_voice_browser
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- ykramarz@cisco.com
- CWE-502
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
🚨 CVE-2024-20253 : CRITICAL RCE ALERT 🚨 @Cisco An unauthenticated remote code execution vulnerability has been disclosed in Cisco Unified Communications Manager (CUCM), the call-processing backbone for ~85% of Fortune 500 enterprises. Risk Severity: Critical (CVSS 9.8, a
@OstorlabSec
26 Jan 2026
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Cisco's 9.9 RCE Flaw People see stable comms infrastructure. Attackers see CVE-2024-20253: an unauthenticated, remote entry point for arbitrary code execution. The vulnerability could give root access and enable lateral network movement. This is the vulnerability hiding i
@photogrim_
21 Jan 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Cisco Unified Communications Products, Command Execution, #CVE-2024-20253 (Critical) https://t.co/wHINlqiuE3
@dailycve
21 Jan 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:-:*:*:*",
"matchCriteriaId": "FB3C1282-5EC8-4E46-ADD9-898449D96A22",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "312C8052-DA09-4B61-9E90-E9EEE265A4BC",
"versionEndExcluding": "14su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "EA4F43B2-1C73-415B-84BF-26D0322FA2C1",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*",
"matchCriteriaId": "C64C5167-7428-4F9E-B1E9-CAD3236B64AD",
"versionEndExcluding": "14su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF9029D-553F-43FD-8F37-86B11A17EC91",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D09B9BD3-3C31-4816-AD4C-043543C56DB5",
"versionEndExcluding": "14.0su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2BC7834-136A-4117-BEDC-0C96EC59227B",
"versionEndExcluding": "12.5\\(1\\)su8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06851CA9-B778-4471-BB1D-A2237B225A4C",
"versionEndExcluding": "14su3",
"versionStartIncluding": "14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:12.5\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "66E25EE4-AB7B-42BF-A703-0C2E83E83577",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.5\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3164D29F-4726-4438-9F31-8644B1C2F0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7A2BE523-1AAF-4AB5-ACA3-A1E194590B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:12.6\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0A7B033E-5B7F-4C11-9C6C-CA4363770A7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]