PT-2023-9667 · Cisco · Cisco Unified Contact Center Enterprise+1

Published 2023-11-06 · Updated 2025-04-04 · CVE-2024-20484

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Enterprise Chat and Email (ECE) (affected versions not specified)

Description: A vulnerability in the External Agent Assignment Service (EAAS) feature could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic. An attacker could exploit this by sending crafted MR PIM traffic, potentially triggering a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS. This would prevent customers from starting chat, callback, or delayed callback sessions. Normal operation can be restored by manually restarting the EAAS process.

Recommendations: To resolve the issue, wait until the attack traffic stops, then manually restart the EAAS process: in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-09519
CVE-2024-20484

Affected Products

Cisco Enterprise Chat/Email
Cisco Unified Contact Center Enterprise