CVE-2024-20253

CRITICAL Year: 2024
CVSS v3 Score
10.0
Critical
Weakness Type
CWE-502
View all →

Vulnerability Description

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.

Related Vulnerabilities

CVE-2018-19276

CRITICAL
CVSS:10.0(Critical)

OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a...

CWE-5022018

CVE-2018-3972

CRITICAL
CVSS:10.0(Critical)

An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrenci...

CWE-5022018

CVE-2019-19810

CRITICAL
CVSS:10.0(Critical)

Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending craft...

CWE-5022019

CVE-2020-15148

CRITICAL
CVSS:10.0(Critical)

Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workarou...

CWE-5022020

CVE-2021-37181

CRITICAL
CVSS:10.0(Critical)

A vulnerability has been identified in Cerberus DMS V4.0 (All versions), Cerberus DMS V4.1 (All versions), Cerberus DMS V4.2 (All versions), Cerberus DMS V5.0 (All versions < v5.0 QU1), Desigo CC Comp...

CWE-5022021

CVE-2022-38650

CRITICAL
CVSS:10.0(Critical)

A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware wit...

CWE-5022022