Cisco Product Security Update Advisory (CVE-2024-20253)

Jan 29 2024

Overview

An update has been made available to fix vulnerabilities in Cisco Unified Communications products. Users of affected versions are advised to update to the latest version.

Affected Products

Unified CM, Unified CM SME, Cisco Unified CM IM&P, Cisco Unity Connection

11.5(1) version
12.version 5(1)
version 14

Cisco UCCX

12.versions 0 and earlier
12.5(1)

Cisco VVB

12.versions 0 and earlier
12.5(1) and 12.5(2)
12.6(1) and 12.6(2)

Resolved Vulnerabilities

Remote Code Execution (RCE) vulnerability in Cisco Unified Communications products (CVE-2024-20253)

Vulnerability Patches

Vulnerability patches were made available in the January 26, 2024 update. Users of affected versions are advised to update to the latest version.

Unified CM, Unified CM SME

12.5(1)SU8, ciscocm.v1_java_deserial-CSCwd64245.cop.sha512, 14SU3, 15

Cisco Unified CM IM&P

12.5(1)SU8, ciscocm.cup-CSCwd64276_JavaDeserialization.cop.sha512, 14SU3, 15

Cisco Unity Connection

12.5(1)SU8, 14SU3, ciscocm.cuc.v1_java_deserial-CSCwd64292.k4.cop.sha512, 15

Cisco UCCX, Cisco VVB

ucos.v1_java_deserial-CSCwd64245.cop.sgn, 15

Referenced Sites

[1] Cisco Security Advisories
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
[2] Cisco Unified Communications Products Remote Code Execution Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

Cisco Product Security Update Advisory (CVE-2024-20253)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

JenKins Family January 2024 Security Update Advisory

ModSecurity / libModSecurity Security Update Advisory (CVE-2024-1019)

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

JenKins Family January 2024 Security Update Advisory

ModSecurity / libModSecurity Security Update Advisory (CVE-2024-1019)