CVE-2024-20375

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (affected versions not specified) Cisco Unified Communications Manager Session Management Edition (affected versions not specified)

Description A vulnerability in the SIP call processing function of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

Recommendations Update your Cisco Unified Communications Manager to mitigate this Denial-of-Service (DoS) vulnerability. As a temporary workaround, consider restricting access to the SIP call processing function until a patch is available. Avoid using the vulnerable SIP call processing function in the affected Cisco Unified CM or Cisco Unified CM SME device until the issue is resolved.