On Wednesday, Cisco released patches for a critical-severity vulnerability, tracked as CVE-2024-20253, that affects its Unified Communications and Contact Center Solutions products. The company explained that an attacker could have executed arbitrary commands with the privileges of the web services user by sending specialized messages to the listening port of affected devices. With web services user privileges, the attacker could then have quickly escalated to root access on the compromised operating system. The issue specifically affects the default configuration of the Packaged Contact Center Enterprise, Unified Communications Manager, Unified Communications Manager IM & Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Enterprise & Express, Unity Connection, and Virtualized Voice Browser. Cisco stated that installing the security updates is the best way to address the issue, but customers can reduce risk by implementing access control lists on intermediary devices.