CVE-2024-20457

Q: What is the severity of CVE-2024-20457?

CVE-2024-20457 has a CVSS score of 6.5 (MEDIUM). This vulnerability allows authenticated remote attackers to view sensitive information, including credentials, stored in clear text within Cisco Unified Communications Manager IM & Presence Service logs. Organizations running affected versions of Cisco Unified CM IM&P are impacted. Attackers can exploit this to gain unauthorized access to sensitive system information.

6.5 MEDIUM

📋 TL;DR

This vulnerability allows authenticated remote attackers to view sensitive information, including credentials, stored in clear text within Cisco Unified Communications Manager IM & Presence Service logs. Organizations running affected versions of Cisco Unified CM IM&P are impacted. Attackers can exploit this to gain unauthorized access to sensitive system information.

💻 Affected Systems

Products:

Cisco Unified Communications Manager IM & Presence Service

Versions: Versions prior to 14.0(1)SU1

Operating Systems: Cisco Unified Communications Operating System

Default Config Vulnerable: ⚠️ Yes

Notes: Affects systems with default logging configurations where credentials are stored in logs.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers obtain administrative credentials, gain full control of the Unified CM IM&P system, and potentially pivot to other network systems.

🟠

Likely Case

Attackers harvest user credentials from logs, leading to unauthorized access to communications services and potential data exfiltration.

🟢

If Mitigated

With proper log access controls and monitoring, attackers cannot access logs, preventing credential exposure.

🌐 Internet-Facing: MEDIUM - Requires authenticated access, but internet-facing systems increase attack surface.

🏢 Internal Only: HIGH - Internal attackers with authenticated access can easily exploit this to escalate privileges.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access to log files, making it straightforward for authorized users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.0(1)SU1 and later

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n

Restart Required: Yes

Instructions:

1. Download the patch from Cisco's software download center. 2. Apply the patch following Cisco's upgrade procedures. 3. Restart the Unified CM IM&P service to apply changes.

🔧 Temporary Workarounds

Restrict Log Access

linux

Limit access to log files to authorized administrators only.

chmod 600 /path/to/logs/*
setfacl -m u:admin:rw /path/to/logs/

Enable Log Encryption

all

Configure logging to encrypt sensitive data in logs.

configure log encryption settings via Cisco Unified CM IM&P administration interface

🧯 If You Can't Patch

Implement strict access controls to limit who can view log files.
Monitor log access and set up alerts for unauthorized log file access attempts.

🔍 How to Verify

Check if Vulnerable:

Check the Unified CM IM&P version via the administration interface or CLI command 'show version active'.

Check Version:

show version active

Verify Fix Applied:

Verify the version is 14.0(1)SU1 or later and check logs for encrypted credential storage.

📡 Detection & Monitoring

Log Indicators:

Unauthorized access to log files
Log entries containing clear text credentials

Network Indicators:

Unusual authentication attempts from new IPs after log access

SIEM Query:

source="cisco_imp_logs" AND (event="log_file_access" AND user NOT IN authorized_users) OR (log_message CONTAINS "password" OR "credential")

📊 Metadata

CVE ID: CVE-2024-20457

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-200

Published: November 6, 2024

Last Updated: August 7, 2025

🔗 References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

Unified Communications Manager Im And Presence Service by Cisco

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Log Access

Enable Log Encryption

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities