CVE-2024-20484

Published Nov 6, 2024

Last updated 11 days ago

CVSS high 7.5

Overview

Description
A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start.
Source
ykramarz@cisco.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

ykramarz@cisco.com
CWE-20

Social media

Hype score
Not currently trending

  1. CRITICAL VULNERABILITIES Cisco Security Advisories November 2024 URL: https://t.co/w0qgi8SjFq Classification: Critical, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 10.0 CVEs: CVE-2024-20418, CVE-2024-20536, CVE-2024-20484, CVE-2024-20445, #cisco #hack

    @CharyyevPerman

    7 Nov 2024

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-20484 Denial of Service Flaw in Cisco ECE's EAAS Feature There is a problem with the External Agent Assignment Service (EAAS) in Cisco Enterprise Chat and Email (ECE). This problem can let a remote attac... https://t.co/faT38mj2Op

    @VulmonFeeds

    6 Nov 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-20484 A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to ca… https://t.co/clJqIzm9gG

    @CVEnew

    6 Nov 2024

    441 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References