Cisco fixed a critical flaw this week that affects multiple Unified Communications and Contact Center Solutions products and could be exploited remotely by unauthenticated attackers to execute arbitrary code on impacted devices. Medium severity vulnerabilities have also been patched in Cisco Small Business Series Switches and Cisco Unity Connection.
The critical bug is tracked as CVE-2024-20253 and is rated 9.9 out of 10 on the CVSS severity scale. It’s caused by insecure processing of user-supplied data that’s being loaded into memory and can be exploited by sending a specially crafted message to one of the network communication ports opened on the device.
