Critical

Unauthenticated RCE in Cisco Unified Communications and Contact Center Solutions

IdentifiersCVE-2024-20253CWE-20

CVE-2024-20253 is a critical vulnerability affecting multiple Cisco Unified Communications and Contact Center Solutions products. According to the provided Cisco description, the flaw is caused by improper processing of user-provided data that is read into memory. A remote, unauthenticated attacker can exploit the issue by sending a crafted message to a listening port on an affected device. Successful exploitation allows execution of arbitrary commands on the underlying operating system in the context of the web services user; from that foothold, the attacker may further obtain root access on the device. The provided context also identifies affected product families including Cisco Unified Communications Manager (Unified CM), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance, but the precise vulnerable component or function is not specified in the supplied material.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can result in unauthenticated remote code execution on the affected Cisco UC platform. An attacker can execute arbitrary OS commands as the web services user and then potentially escalate to full root access, leading to complete device compromise. With that level of access, an attacker could install malware or web shells, alter system configuration, access sensitive voice, messaging, and configuration data, move laterally using harvested credentials, and use the compromised system as a staging point for broader intrusion activity or disruptive actions such as ransomware deployment.

Mitigation

If you can’t patch tonight, do this now.

The provided content indicates there are no viable workarounds for CVE-2024-20253. Until patches are fully deployed, exposure reduction is the primary mitigation: restrict access to affected listening and management interfaces, remove unnecessary internet exposure, limit reachability with ACLs/firewall policy, and monitor for exploitation attempts. The supplied context also notes Cisco Snort rules 65750, 65751, and 65752 as detection aids for identifying exploitation activity at the network level.

Remediation

Patch, then assume compromise.

Apply Cisco security updates for CVE-2024-20253 to all affected Unified Communications and Contact Center Solutions systems. The supplied content states that Cisco issued patches and that no workarounds are available. Organizations should identify all exposed and internally reachable affected instances, prioritize internet-exposed management or service interfaces, and upgrade to the fixed software releases specified by Cisco for each affected product. Because the vulnerability is reported as actively exploited, remediation should be treated as urgent.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Cisco SystemsUnified Communications Managerapplication

Cisco SystemsUnified Communications Manager Im And Presence Serviceapplication

Cisco SystemsUnified Contact Center Expressapplication

Cisco SystemsUnity Connectionapplication

Cisco SystemsVirtualized Voice Browserapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app

bleeping computerNews

Jun 4, 2026

Cisco warns of critical Unified CM flaw with PoC exploit code

A Cisco Unified CM flaw that enabled attackers to gain root access to vulnerable systems.

rescana blogNews

Jan 25, 2026

Critical Cisco Unified Communications Zero-Day (CVE-2024-20253) Actively Exploited: Millions of Enterprises at Risk

Unauthenticated remote code execution (RCE) vulnerability in the web-based management interface of Cisco Unified Communications products due to improper input validation, enabling arbitrary command execution on the underlying OS and potentially full system compromise.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2024-20253

NVD

nvd.nist.gov/vuln/detail/CVE-2024-20253

MITRE CWE · CWE-20

cwe.mitre.org

Vendor Advisory

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm