CVE-2024-20484 (GCVE-0-2024-20484)

Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 17:20
VLAI?
Title
Cisco Enterprise Chat and Email Denial of Service Vulnerability
Summary
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.
CWE
  • CWE-20 - Improper Input Validation
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Enterprise Chat and Email Affected: 11.6(1)_ES3
Affected: 11.6(1)_ES4
Affected: 12.0(1)_ES6
Affected: 11.6(1)_ES9
Affected: 11.6(1)_ES6
Affected: 11.6(1)_ES5
Affected: 12.5(1)_ET1
Affected: 12.5(1)_ES3_ET1
Affected: 12.0(1)_ES3
Affected: 11.6(1)_ES11
Affected: 12.0(1)_ES4
Affected: 12.0(1)_ES5
Affected: 11.6(1)_ES2
Affected: 11.6(1)_ES9a
Affected: 11.6(1)_ES10
Affected: 12.0(1)_ES1
Affected: 12.0(1)
Affected: 12.5(1)_ES3
Affected: 12.6(1)
Affected: 11.5(1)
Affected: 12.0(1)_ES2
Affected: 11.6(1)_ES7
Affected: 12.6(1)_ET1
Affected: 11.6(1)
Affected: 12.6(1)_ET2
Affected: 12.5(1)_ES3_ET2
Affected: 12.0(1)_ES6_ET2
Affected: 12.6(1)_ES1
Affected: 11.6(1)_ES12
Affected: 12.6(1)_ET3
Affected: 12.5(1)_ES4_ET1
Affected: 12.0(1)_ES6_ET3
Affected: 12.6(1)_ES1_ET1
Affected: 12.6(1)_ES2
Affected: 12.6_ES2_ET1
Affected: 12.5(1)_ES5
Affected: 12.6_ES2_ET2
Affected: 12.0(1)_ES7
Affected: 12.6_ES2_ET3
Affected: 12.0(1)_ES7_ET1
Affected: 12.5(1)_ES5_ET1
Affected: 12.6_ES2_ET4
Affected: 12.6(1)_ES3
Affected: 11.6(1)_ES12_ET1
Affected: 12.6_ES3_ET1
Affected: 12.6_ES3_ET2
Affected: 12.6(1)_ES4
Affected: 12.5(1)_ES7
Affected: 12.6(1)_ES4_ET1
Affected: 12.6(1)_ES5
Affected: 12.6(1)_ES5_ET1
Affected: 12.6(1)_ES5_ET2
Affected: 12.6(1)_ES6
Affected: 12.6(1)_ES6_ET1
Affected: 12.5(1)_ES8
Affected: 12.6(1)_ES6_ET2
Affected: 12.6(1)_ES7
Affected: 12.6(1)_ES8
Affected: 12.6(1)_ES4_ET2
Affected: 12.6(1)_ES3_ET3
Affected: 12.6(1)_ES2_ET5
Affected: 12.6(1)_ES1_ET2
Affected: 12.6(1)_ES8_ET1
Affected: 12.6(1)_ES7_ET1
Affected: 12.6(1)_ES6_ET3
Affected: 12.6(1)_ES5_ET3
Affected: 12.5(1)_ES8_ET1
Affected: 12.5(1)_ES3_ET3
Affected: 12.5(1)_ES5_ET2
Affected: 12.5(1)_ES6_ET1
Affected: 12.5(1)_ES4_ET2
Affected: 12.5(1)_ES7_ET1
Affected: 12.6(1)_ES8_ET2
Affected: 12.6(1)_ES9
Affected: 12.6(1)_ES9_ET1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_chat_and_email",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "11.6(1)_ES3"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES4"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES6"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES9"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES6"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES5"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3_ET1"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES3"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES11"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES4"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES5"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES2"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES9a"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES10"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES1"
              },
              {
                "status": "affected",
                "version": "12.0(1)"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3"
              },
              {
                "status": "affected",
                "version": "12.6(1)"
              },
              {
                "status": "affected",
                "version": "11.5(1)"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES2"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ET1"
              },
              {
                "status": "affected",
                "version": "11.6(1)"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ET2"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3_ET2"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES6_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES1"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES12"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ET3"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES4_ET1"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES6_ET3"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES1_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES2"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES5"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET2"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET3"
              },
              {
                "status": "affected",
                "version": "12.0(1)_ES7_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES5_ET1"
              },
              {
                "status": "affected",
                "version": "12.6_ES2_ET4"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES3"
              },
              {
                "status": "affected",
                "version": "11.6(1)_ES12_ET1"
              },
              {
                "status": "affected",
                "version": "12.6_ES3_ET1"
              },
              {
                "status": "affected",
                "version": "12.6_ES3_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES4"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES4_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES8"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES7"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES8"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES4_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES3_ET3"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES2_ET5"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES1_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES8_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES7_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES6_ET3"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES5_ET3"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES8_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES3_ET3"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES5_ET2"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES6_ET1"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES4_ET2"
              },
              {
                "status": "affected",
                "version": "12.5(1)_ES7_ET1"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES8_ET2"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES9"
              },
              {
                "status": "affected",
                "version": "12.6(1)_ES9_ET1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T17:20:15.324243Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:20:30.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Enterprise Chat and Email",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.6(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES9"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES6"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET1"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES11"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES5"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES9a"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES10"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES1"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES2"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET1"
            },
            {
              "status": "affected",
              "version": "11.6(1)"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET2"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES12"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4_ET1"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES6_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES2"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET2"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET3"
            },
            {
              "status": "affected",
              "version": "12.0(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES2_ET4"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES3"
            },
            {
              "status": "affected",
              "version": "11.6(1)_ES12_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES3_ET1"
            },
            {
              "status": "affected",
              "version": "12.6_ES3_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES7"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES4_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES3_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES2_ET5"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES1_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES6_ET3"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES5_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES8_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES3_ET3"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES5_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES6_ET1"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES4_ET2"
            },
            {
              "status": "affected",
              "version": "12.5(1)_ES7_ET1"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES8_ET2"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9"
            },
            {
              "status": "affected",
              "version": "12.6(1)_ES9_ET1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources \u0026gt; Services \u0026gt; Unified CCE \u0026gt; EAAS, then click Start."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "Improper Input Validation",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T16:29:20.865Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ece-dos-Oqb9uFEv",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ece-dos-Oqb9uFEv",
        "defects": [
          "CSCwj26667"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Enterprise Chat and Email Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20484",
    "datePublished": "2024-11-06T16:29:20.865Z",
    "dateReserved": "2023-11-08T15:08:07.684Z",
    "dateUpdated": "2024-11-06T17:20:30.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…