The Computer Emergency Response Team of India (CERT-In) has issued a high-severity alert regarding a newly identified vulnerability in Cisco’s Enterprise Chat and Email (ECE) platform. Tagged as CERT-In Vulnerability Note CIVN-2024-0339, this vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) attack on affected Cisco systems.
Affected Parties
This vulnerability primarily impacts IT administrators and individuals responsible for securing and maintaining Cisco Enterprise Chat and Email systems. It is crucial for these administrators to check if EAAS (Enterprise Application Access Service) is active. To verify, log into the System Console, navigate to Partitions > Partition > Services > Unified CCE > EAAS > Instances, and confirm if an EAAS instance is running. Systems running EAAS are vulnerable to this security risk.
Overview of the Vulnerability
The vulnerability stems from insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic. An unauthenticated attacker, operating remotely, could exploit this flaw by sending specifically crafted MR PIM traffic to the affected system. This would result in a failure of the MR PIM connection between Cisco ECE and the Cisco Unified Contact Centre Enterprise (CCE), disrupting EAAS functions.
This flaw can lead to a Denial of Service (DoS) condition, effectively disabling the EAAS feature and preventing customers from initiating chat, callback, or delayed callback sessions. While regular operation can be restored by manually restarting the EAAS process, this interruption poses significant service disruption risks for organizations relying on real-time customer service solutions through Cisco ECE.
Cisco’s Response and Solutions
Advisory and Fix
Cisco has issued an advisory (ID: cisco-sa-ece-dos-Oqb9uFEv) detailing the vulnerability, including a recommendation to upgrade affected software to a fixed release. The vulnerability is assigned CVE-2024-20484 with a CVSS base score of 7.5, highlighting the high impact of this flaw.
Affected Products
Only Cisco ECE systems configured to use EAAS are affected. Customers can verify EAAS configurations through the System Console as noted earlier.
No Available Workarounds
Currently, there are no temporary solutions or workarounds to mitigate this vulnerability. The only effective measure is upgrading to the appropriate fixed software version as released by Cisco.
Fixed Releases
Cisco has issued updates that address the vulnerability. Here is a breakdown of the recommended upgrades:
Cisco ECE Release | First Fixed Release |
---|---|
Earlier than 12.5 | Migrate to a fixed release |
12.5 | 12.5(1) ES9 |
12.6 | 12.6(1) ES9 ET3 |
It is recommended for customers to update to these versions to ensure security against this vulnerability.
Next Steps for Cisco Users
For Contracted Customers
Customers with an active Cisco service contract can access these updates through the usual software update channels. Those entitled to service contracts may access security patches and support without additional fees, provided they adhere to the Cisco software license terms.
For Non-Contracted Customers
If you purchased Cisco products directly or through an authorized reseller but do not have a service contract, you can still obtain updates by contacting Cisco Technical Assistance Center (TAC). Provide the product serial number and a reference to this advisory to verify eligibility for a free upgrade.
Licensing and Installation
When downloading updates, ensure that your device’s configurations are compatible with the new releases. For those uncertain, Cisco recommends reaching out to their support team or the TAC. All updates should be acquired through authorized channels to avoid licensing or support issues.
Key Security Recommendations
- Prioritize Immediate Updates – IT administrators should prioritize upgrading affected Cisco ECE systems to the specified versions. Given the high severity rating, this vulnerability represents a substantial risk to uninterrupted service.
- Verify EAAS Configuration – Confirm that EAAS is active on your Cisco ECE system. If you are not using EAAS, your system may not be affected, but it’s recommended to monitor for updates and further advisories.
- Monitor for Further Security Notices – Cisco regularly releases updates and advisories for various security vulnerabilities. IT teams should routinely check Cisco’s security advisories for new information that may impact their systems and infrastructures.
- Manually Restart EAAS if Affected by DoS – In cases where a system is impacted by this vulnerability, users will need to restart the EAAS process manually. This can be done via the System Console by selecting Shared Resources > Services > Unified CCE > EAAS, then clicking “Start.”
By adhering to these recommendations and staying vigilant, organizations can better protect their systems and ensure the continued security and reliability of their real-time customer service solutions.