Security News > 2024 > January > Cisco warns of critical RCE flaw in communications software
Cisco is warning that several of its Unified Communications Manager and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.
Cisco's Unified Communications and Contact Center Solutions are integrated solutions that provide enterprise-level voice, video, and messaging services, as well as customer engagement and management.
Cisco advises admins to set up access control lists as a mitigation strategy for case where applying the updates is not immediately possible.
Specifically, users are recommended to implement ACLs on intermediary devices that separate the Cisco Unified Communications or Cisco Contact Center Solutions cluster from users and the rest of the network.
Microsoft discovers critical RCE flaw in Perforce Helix Core Server.
Hackers are exploiting critical Apache Struts flaw using public PoC. Sophos backports RCE fix after attacks on unsupported firewalls.
News URL
Related news
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed (source)
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool (source)
- CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks (source)
- Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager (source)
- Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) (source)
- Critical Cisco bug lets hackers add root users on SEG devices (source)
- Progress warns of critical RCE bug in Telerik Report Server (source)
- Critical ServiceNow RCE flaws actively exploited to steal credentials (source)
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) (source)