Initiativen für
    
    Als nationale Behörde für Cybersicherheit hat das ZCB mehrere Initiativen für bestimmte Zielgruppen entwickelt, die hier vorgestellt werden.
      
     
                  Reference:
Advisory #2024-14
Version:
1.0
Affected software:
Packaged Contact Center Enterprise (PCCE)
Unified Communications Manager (Unified CM)
Unified Communications Manager IM & Presence Service (Unified CM IM&P)
Unified Communications Manager Session Management Edition (Unified CM SME)
Unified Contact Center Enterprise (UCCE)
Unified Contact Center Express (UCCX)
Unity Connection
Virtualized Voice Browser (VVB)
Type:
Remote code execution
CVE/CVSS:
CVE-2024-20253
CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:H)
CVE-2024-20253 is a vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
The impact on Integrity and Availability is Low, but the vulnerability has a High impact on Availability. The Attack Complexity is Low and there is no User Interaction required to exploit the vulnerability.
As explained in the Cisco advisory: ‘An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.’
At the time of writing, Cisco has reported that there is no evidence that CVE-2024-20253 has been exploited in the wild.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Cisco has released free software updates that address the vulnerability. Please see the Cisco advisory for more information.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.