LIVE · cybersecurity feed
ciscocritical

In Less Than 24 Hours, Attackers Weaponize Cisco CUCM Flaw

zeroday.news·12d ago
ShareXLinkedInWhatsAppFacebook

A critical vulnerability in Cisco Unified Communications Manager (CUCM) and CUCM Small and Medium Edition (SME) has been actively exploited by attackers less than a day after its public disclosure. The flaw allows for server-side request forgery (SSRF) and enables attackers to escalate their privileges to root access on affected systems.

The vulnerability, identified as CVE-2023-20114, resides in the administrative interface of CUCM and CUCM SME. It permits an authenticated, low-privilege user to conduct SSRF attacks. This means an attacker could trick the server into making requests to arbitrary internal or external resources on their behalf.

The SSRF capability is particularly concerning as it can be used to probe internal networks, access sensitive data, or interact with other internal services that are not directly exposed to the internet. In this specific case, the SSRF vulnerability can be chained with another flaw to achieve root privilege escalation.

This escalation to root privileges grants an attacker complete control over the compromised server. Such a level of access would allow for the deployment of malicious software, the exfiltration of sensitive call data, or the disruption of communication services.

The rapid weaponization of this vulnerability highlights the speed at which sophisticated threat actors can adapt to new information. The fact that exploitation occurred within 24 hours of public disclosure suggests that attackers were either actively monitoring for such disclosures or had pre-existing tools and capabilities ready to leverage newly found vulnerabilities.

Cisco has released security advisories detailing the vulnerability and has provided patches for affected versions of CUCM and CUCM SME. Organizations using these communication platforms are strongly urged to apply the available updates as soon as possible to mitigate the risk of exploitation.

While specific details regarding the nature of the attacks or the actors involved have not been publicly disclosed, the potential impact of a compromised CUCM system can be significant. These systems often handle sensitive voice and video communications, and unauthorized access could lead to data breaches and service disruptions.

As a general security best practice, it is always recommended to keep all software, including network infrastructure and communication platforms, up to date with the latest security patches. Additionally, implementing robust network segmentation and access controls can help limit the potential impact of any successful exploitation of vulnerabilities.

ciscovulnerabilityexploitationssrfprivilege escalation
ShareXLinkedInWhatsAppFacebook
← Back to latest

More News

view all →
zeroday.news · 1h ago·high

Accenture Confirms Security Incident After Hacker Claims 35GB Source-Code Theft

Accenture has acknowledged a security incident after a threat actor advertised what they claim is stolen internal data. The attacker, using the alias "888", says they took more than 35GB of source code and cloud credentials from the consulting giant and are offering it for sale. Accenture says it has addressed the source of the issue and that its operations were not disrupted.

zeroday.news · 4h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 5h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 5h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 6h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 6h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.