CVE-2024-20484: Improper Input Validation in Cisco Enterprise Chat and Email

Severity: 7.5 HIGH (NVD)
EPSS: 0.9% (top 24.09%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 6

Description

A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: cisco/enterprise_chat_and_email 12.6(1) 12.6(1)es9 +1
CVEListV5: cisco/cisco_enterprise_chat_and_email 75 versions +74

🔴 Vulnerability Details (2)

CVEList: Cisco Enterprise Chat and Email Denial of Service Vulnerability (2024-11-06)
GHSA: GHSA-jvmc-2wg5-j9pw: A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remot (2024-11-06)

📋 Vendor Advisories (1)

Cisco: Cisco Enterprise Chat and Email Denial of Service Vulnerability (2024-11-06)
CVE-2024-20484 — Improper Input Validation in Cisco | cvebase