{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Der Cisco Unified Communications Manager (CUCM) (ehemals CallManager) dient zur Gesprächsvermittlung in IP-Telefonie-Netzen.\r\nCisco Unified Contact Center Enterprise kombiniert Mehrkanal-Rufverteilung (ACD) mit IP-Telefonie in einer einheitlichen Lösung. \r\nCisco Unified Contact Center Express (UCCX) ist die Kontaktverwaltung für Cisco Unified Communications.\r\nCisco Unity Connection ist ein umfangreiches Voicemail und Integrated-Messaging- Produkt. Mit Cisco Unity Connection können Benutzer mit dem Cisco Unified Personal Communicator auf ihre Sprachnachrichten zugreifen, das Display ihres Cisco Unified IP-Telefons nutzen, um Sprachnachrichten anzuzeigen, zu sortieren und wiederzugeben, und sogar die Sprachsteuerung von Cisco Unity Connection verwenden, um auf Cisco Unified MeetingPlace Express Meetings zuzugreifen.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Cisco Unified Communications Manager (CUCM), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Communications Manager IM & Presence Service und Cisco Unity Connection ausnutzen, um beliebigen Programmcode auszuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2024-0192 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0192.json" }, { "category" : "self", "summary" : "WID-SEC-2024-0192 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0192" }, { "category" : "external", "summary" : "Cisco Security Advisories vom 2024-01-24", "url" : "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm" } ], "source_lang" : "en-US", "title" : "Cisco Unified Communications Products: Schwachstelle ermöglicht Codeausführung", "tracking" : { "current_release_date" : "2024-01-24T23:00:00.000+00:00", "generator" : { "date" : "2024-08-15T18:04:14.695+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.5" } }, "id" : "WID-SEC-W-2024-0192", "initial_release_date" : "2024-01-24T23:00:00.000+00:00", "revision_history" : [ { "date" : "2024-01-24T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Cisco Unified Communications Manager (CUCM) < 12.5(1)SU8", "product" : { "name" : "Cisco Unified Communications Manager (CUCM) < 12.5(1)SU8", "product_id" : "T032313", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unified_communications_manager:12.5%281%29su8" } } }, { "category" : "product_name", "name" : "Cisco Unified Communications Manager (CUCM) < 14SU3", "product" : { "name" : "Cisco Unified Communications Manager (CUCM) < 14SU3", "product_id" : "T032314", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unified_communications_manager:14su3" } } } ], "category" : "product_name", "name" : "Unified Communications Manager (CUCM)" }, { "branches" : [ { "category" : "product_name", "name" : "Cisco Unified Communications Manager IM & Presence Service < 12.5(1)SU8", "product" : { "name" : "Cisco Unified Communications Manager IM & Presence Service < 12.5(1)SU8", "product_id" : "T032315", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:12.5%281%29su8" } } }, { "category" : "product_name", "name" : "Cisco Unified Communications Manager IM & Presence Service < 14SU3", "product" : { "name" : "Cisco Unified Communications Manager IM & Presence Service < 14SU3", "product_id" : "T032316", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unified_communications_manager_im_and_presence_service:14su3" } } } ], "category" : "product_name", "name" : "Unified Communications Manager IM & Presence Service" }, { "category" : "product_name", "name" : "Cisco Unified Contact Center Enterprise < ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product" : { "name" : "Cisco Unified Contact Center Enterprise < ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product_id" : "T032319", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unified_contact_center_enterprise:ucos.v1_java_deserial-cscwd64245.cop.sgn" } } }, { "category" : "product_name", "name" : "Cisco Unified Contact Center Express (UCCX) < ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product" : { "name" : "Cisco Unified Contact Center Express (UCCX) < ucos.v1_java_deserial-CSCwd64245.cop.sgn", "product_id" : "T032320", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unified_contact_center_express:ucos.v1_java_deserial-cscwd64245.cop.sgn" } } }, { "branches" : [ { "category" : "product_name", "name" : "Cisco Unity Connection < 14SU3", "product" : { "name" : "Cisco Unity Connection < 14SU3", "product_id" : "T032317", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unity_connection:14su3" } } }, { "category" : "product_name", "name" : "Cisco Unity Connection < 12.5(1)SU8", "product" : { "name" : "Cisco Unity Connection < 12.5(1)SU8", "product_id" : "T032318", "product_identification_helper" : { "cpe" : "cpe:/a:cisco:unity_connection:12.5%281%29su8" } } } ], "category" : "product_name", "name" : "Unity Connection" } ], "category" : "vendor", "name" : "Cisco" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2024-20253", "notes" : [ { "category" : "description", "text" : "Es besteht eine Schwachstelle in Cisco Unified Communications Manager (CUCM), Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center Express (UCCX), Cisco Unified Communications Manager IM & Presence Service und Cisco Unity Connection. Dieser Fehler besteht aufgrund der unsachgemäßen Verarbeitung von Benutzereingaben. Durch das Senden einer manipulierten Meldung an einen abhörenden Port eines betroffenen Geräts kann ein entfernter, anonymer Angreifer diese Schwachstelle zur Ausführung von beliebigem Code ausnutzen." } ], "release_date" : "2024-01-24T23:00:00.000+00:00", "title" : "CVE-2024-20253" } ] }