What is CVE-2024-20375?

CVE-2024-20375 is a high-severity vulnerability in Cisco Unified Communications Manager, classified under Out-of-bounds Write. CVSS score: 8.6/10. Published 2024-08-21.

How severe is CVE-2024-20375?

High severity. CVSS v3 base score is 8.6 out of 10.

Buffer overflow in Cisco Unified Communications Manager

CVE-2024-20375

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker t…

Vulnerability class: Buffer Overflow

EPSS: 0.010 (76.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

Affected products

Cisco Unified Communications Manager — versions 12.0(1)SU1, 12.0(1)SU2, 12.0(1)SU3

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

cisco-sa-cucm-dos-kkHq43We

Frequently asked questions

What is CVE-2024-20375?: CVE-2024-20375 is a high-severity vulnerability in Cisco Unified Communications Manager, classified under Out-of-bounds Write. CVSS score: 8.6/10. Published 2024-08-21.
How severe is CVE-2024-20375?: High severity. CVSS v3 base score is 8.6 out of 10.