What is CVE-2024-20375?

A high-severity vulnerability in Cisco Unified Communications Manager could permit remote attackers to cause a denial of service. Organizations should patch immediately to mitigate the risk of service interruptions.

What is the severity of CVE-2024-20375?

CVE-2024-20375 has a severity rating of HIGH with a CVSS base score of 8.6.

CVE-2024-20375 | High Vulnerability in Cisco Unified Communications Manager

A vulnerability in the SIP call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper parsing of SIP messages. An attacker could exploit this vulnerability by sending a crafted SIP message to an affected Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

Given the CVSS score of 8.6, this vulnerability is classified as high severity. The potential impact on organizations is significant, as the availability of voice and video communications can be critically disrupted. Organizations utilizing affected Cisco products should prioritize remediation efforts to prevent exploitation.

Currently, there are no public exploits available for this vulnerability, and it has not been classified as actively exploited in the wild. However, the exploitability score indicates a high potential for exploitation. As such, organizations should remain vigilant and monitor for any updates from Cisco regarding this vulnerability.

Organizations should prioritize patching immediately to mitigate the risk associated with this vulnerability.

Vulnerability Details

The vulnerability is due to improper parsing of SIP messages, leading to the potential for denial of service. The affected products include various versions of Cisco Unified Communications Manager, specifically versions 12.0(1)SU1 through 12.5(1)SU8. The vulnerability affects both Unified CM and Unified CM SME implementations.

The vulnerability was published on August 21, 2024, and is classified under CWE-787, which is related to improper input validation.

Technical Analysis

The root cause of this vulnerability stems from the incorrect handling of SIP messages. Attackers may exploit this vulnerability by sending specially crafted SIP messages to the affected devices over the network. The attack complexity is low, as the attacker does not need any privileges or user interaction to execute the attack. The impact on availability is high, as successful exploitation can lead to the affected device reloading, causing service interruptions.

Risk & Impact Analysis

Risk to organizations includes the potential disruption of voice and video communications. The blast radius could affect all users relying on the Unified CM for communication services. Given the high severity and exploitability potential, organizations should assess their risk profile and take immediate actions to patch affected systems, ensuring continuity of operations.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions include Cisco Unified Communications Manager versions 12.0(1)SU1 through 12.0(1)SU5 and 12.5(1)SU1 through 12.5(1)SU8. Organizations should verify their systems against these versions to ensure they are not at risk.

Mitigation & Remediation

Cisco has provided patches for the affected versions. Organizations should review the available updates and apply them as soon as possible to mitigate this vulnerability. For further assistance, organizations can consult their support teams or reach out to Cisco directly.

Detection Guidance

Monitor logs for unusual SIP message patterns that could indicate attempts to exploit this vulnerability. Additionally, keep an eye on system reboots that correlate with increased SIP traffic.

AppSecure Threat Intelligence Insight

This vulnerability highlights the ongoing need for robust input validation in network services. Organizations should ensure that their security measures address potential weaknesses in SIP handling. For further information on securing SIP protocols, organizations can refer to our API security best practices guide. Furthermore, regular penetration testing can help identify similar vulnerabilities in other systems, which can be found in our penetration testing service. As always, staying informed of emerging threats is crucial in maintaining a secure environment, so organizations should consider subscribing to our penetration testing methodology updates.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2024-20375: High Vulnerability in Cisco Unified Communications Manager