CVE-2024-20375

HIGH EPSS 50.1%
Published Aug 21, 20241y ago · Modified Jun 17, 20262w ago
7.5 CVSS 3.1
High
Find Similar
Published Aug 21, 2024 1y ago
Last Modified Jun 17, 2026 2w ago

Description

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
50.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-787 Out-of-bounds Write Memory Safety

Affected Products 16

VendorProductVersionRange
ciscounified_communications_manager12.0\(1\)su1any
ciscounified_communications_manager12.0\(1\)su2any
ciscounified_communications_manager12.0\(1\)su3any
ciscounified_communications_manager12.0\(1\)su4any
ciscounified_communications_manager12.0\(1\)su5any
ciscounified_communications_manager12.5\(1\)any
ciscounified_communications_manager12.5\(1\)su1any
ciscounified_communications_manager12.5\(1\)su2any
ciscounified_communications_manager12.5\(1\)su3any
ciscounified_communications_manager12.5\(1\)su4any
ciscounified_communications_manager12.5\(1\)su5any
ciscounified_communications_manager12.5\(1\)su6any
ciscounified_communications_manager12.5\(1\)su7any
ciscounified_communications_manager12.5\(1\)su7aany
ciscounified_communications_manager12.5\(1\)su8any
ciscounified_communications_manager12.5\(1\)su8aany

References 1

  • sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-dos-kkHq43We
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.