Cisco Products Multiple Vulnerabilities

Impact

• Remote Code Execution
• Security Restriction Bypass
• Cross-Site Scripting

System / Technologies affected

• 250 Series Smart Switches
• 350 Series Managed Switches
• 350X Series Stackable Managed Switches
• 550X Series Stackable Managed Switches
• Business 250 Series Smart Switches
• Business 350 Series Managed Switches
• Cisco Unity Connection
• Unified Communications Manager (Unified CM) (CSCwd64245)
• Unified Communications Manager IM & Presence Service (Unified CM IM&P) (CSCwd64276)
• Unified Communications Manager Session Management Edition (Unified CM SME) (CSCwd64245)
• Unified Contact Center Express (UCCX) (CSCwe18773)
• Unity Connection (CSCwd64292)
• Virtualized Voice Browser (VVB) (CSCwe18840)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

Vulnerability Identifier

• CVE-2024-20305
• CVE-2024-20253
• CVE-2024-20263

Source

• Cisco
• AusCERT

Related Link

• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm
• https://www.auscert.org.au/bulletins/ESB-2024.0492
• https://www.auscert.org.au/bulletins/ESB-2024.0493
• https://www.auscert.org.au/bulletins/ESB-2024.0494