This document has been written for the IT teams of organisations and government.
Background / What has happened?
ASD’s ACSC is tracking a remote code execution vulnerability in Cisco Unified Communications Products.
CVE-2024-20253 refers to a user-provided data processing error that could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability affects several Unified Communications Manager, Unified Contact Center Express, Unity Connection and Virtualized Voice Browser products.
A full list of impacted products can be found in CISCO's published advisory.
ASD’s ACSC is not aware of active exploitation of CVE-2024-20253 at this time.
Mitigation / How do I stay secure?
To stay secure, organisations should review their networks for use of vulnerable CISCO Unified Communications Products and consult CISCO’s customer advisory.
Assistance / Where can I go for help?
ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).