Summary
Cisco security updates address a vulnerability, with severity “critical”, affecting Cisco Unified Communications and Contact Center Solutions products. This vulnerability, if exploited, could allow an unauthenticated remote attacker to execute arbitrary commands on target systems.
Risk
Vulnerability community impact estimate: HIGH/ORANGE (66.53/100)1.
Type
- Remote Code Execution
Affected products and/or versions
Cisco
- Packaged Contact Center Enterprise (PCCE)
- Unified Communications Manager (Unified CM)
- Unified Communications Manager IM & Presence Service (Unified CM IM&P)
- Unified Communications Manager Session Management Edition (Unified CM SME)
- Unified Contact Center Enterprise (UCCE)
- Unified Contact Center Express (UCCX)
- Unity Connection
- Virtualized Voice Browser (VVB)
Mitigation Actions
In line with vendor statements, it is recommended to apply the available mitigations following the indications reported in the security bulletins in the References section.
Unique Vulnerability Identifiers
References
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.
