

Rewterz Threat Alert – Agent Tesla Malware – Active IOCs
January 25, 2024
Rewterz Threat Alert – Malicious Traffic Broker “VexTrio” Selling Malware to More Than 60 Affiliates – Active IOCs
January 25, 2024
Severity
Medium
Analysis Summary
CVE-2024-20305 CVSS:4.8
Cisco Unity Connection is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the web-based management interface. A remote authenticated attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2024-20263 CVSS:5.8
Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow a remote attacker to bypass security restrictions, caused by incorrect processing of ACLs in a stacked configuration when either the primary or backup switch experiences a full stack reload or power cycle. By sending specially crafted traffic through an affected device, an attacker could exploit this vulnerability to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner.
CVE-2024-20253 CVSS:9.9
Cisco Unified Communications and Contact Center Solutions products could allow a remote attacker to execute arbitrary code on the system, caused by improper processing of user-provided data that is being read into memory. By sending a specially crafted message to a listening port of an affected device, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with the privileges of the web services user and obtain root privileges.
Impact
- Code Execution
- Security Bypass
- Cross-Site Scripting
Indicators Of Compromise
CVE
- CVE-2024-20305
- CVE-2024-20263
- CVE-2024-20253
Affected Vendors
Cisco
Affected Products
- Cisco Unity Connection 12.5(1)
- Cisco Unity Connection 11.0
- Cisco Unity Connection 14
- Cisco Unity Connection 11.5(1)
- Cisco Business 250 Series smart switches 3.4
- Cisco Business 350 Series managed switches 3.4
- Cisco Unified CM IM and P 12.5(1) IM and P
- Cisco Unified CM IM and P 11.5(1) IM and P
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.