Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-20484

Опубликовано: 06 нояб. 2024
Источник: nvd
CVSS3: 7.5
EPSS Низкий

Описание

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, the

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
Версия до 12.5(1)es9 (исключая)
cpe:2.3:a:cisco:enterprise_chat_and_email:*:*:*:*:*:*:*:*
Версия от 12.6(1) (включая) до 12.6(1)es9 (исключая)

EPSS

Процентиль: 75%
0.00913
Низкий

7.5 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-jvmc-2wg5-j9pw

CVSS3: 7.5
github
больше 1 года назад

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, th...

fstec логотип

BDU:2024-09519

CVSS3: 7.5
fstec
больше 2 лет назад

Уязвимость функции External Agent Assignment Service (EAAS) средства обмена сообщениями Cisco Enterprise Chat and Email (ECE), позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 75%
0.00913
Низкий

7.5 High

CVSS3

Дефекты

CWE-20
NVD-CWE-noinfo