CVE-2024-20484
📋 TL;DR
An unauthenticated, remote attacker can send crafted Media Routing Peripheral Interface Manager (MR PIM) traffic to the External Agent Assignment Service (EAAS) of Cisco Enterprise Chat and Email (ECE) and crash it, causing a denial of service. While EAAS is down, customers cannot start chat, callback, or delayed callback sessions. Only ECE deployments with the EAAS feature enabled are affected.
💻 Affected Systems
- Cisco Enterprise Chat and Email (ECE)
📦 What is this software?
Cisco Enterprise Chat and Email (ECE) is the contact-center application that adds chat and email channels to Cisco Unified Contact Center Enterprise (CCE) and Packaged CCE. EAAS is the ECE component that talks to the Unified CCE Media Routing Peripheral Gateway over MR PIM so that incoming chat and callback requests are assigned to agents; it is the network-facing listener that this vulnerability targets.
⚠️ Risk & Real-World Impact
Worst Case
EAAS crashes and stays down: no chat, callback, or delayed callback session can be started until an administrator restarts the EAAS process after the attack traffic stops.
Likely Case
Intermittent outages of chat and callback routing that disrupt customer-support operations until the attack traffic ceases and EAAS is restarted.
If Mitigated
Limited impact: with network segmentation and filtering in place, crafted MR PIM packets from untrusted sources never reach the EAAS listener.
🎯 Exploit Status
Exploitation requires only the ability to send crafted MR PIM traffic to the EAAS listener; no credentials or user interaction are needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 12.6(1)ES2 and later
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv
Restart Required: Yes
Instructions:
1. Download Cisco ECE 12.6(1)ES2 or later from the Cisco Software Center.
2. Follow the Cisco ECE upgrade documentation for your deployment.
3. Apply the update to all affected systems.
4. Restart the EAAS service after the upgrade.
🔧 Temporary Workarounds
Network Access Control
Restrict inbound access to the EAAS MR PIM listener to the Cisco Unified CCE / Packaged CCE hosts that legitimately connect to it.
Traffic Filtering
Filter MR PIM traffic at the network edge so that only the expected Unified CCE sources can reach EAAS, and block traffic from any other source.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate EAAS service from untrusted networks.
- Deploy intrusion prevention systems to detect and block crafted MR PIM traffic patterns.
🔍 How to Verify
Check if Vulnerable:
Check the Cisco ECE version via System Console > About. Any version earlier than 12.6(1)ES2 is vulnerable if EAAS is enabled.
Check Version:
No command-line check is given; use System Console > About in the ECE administration interface.
Verify Fix Applied:
Confirm the version shown is 12.6(1)ES2 or later, then test that a chat or callback session can be started end to end.
📡 Detection & Monitoring
Log Indicators:
- EAAS service failures
- MR PIM connection errors
- Unusual traffic patterns to EAAS ports
Network Indicators:
- Unexpected MR PIM protocol traffic
- High volume of malformed packets to EAAS service ports
SIEM Query:
source="ece-logs" AND ("EAAS failure" OR "MR PIM error" OR "connection reset")
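The SIEM query above only matches the three indicator strings; it does not tell you whether they arrived as a burst from one source, which is what a crafted-traffic attack on EAAS would look like. The script below is an added example, not code from Cisco or from this page: it runs the same three indicators over constructed sample log lines in a hypothetical "timestamp level component: message" layout (Cisco ECE's real log format is not given here, so LINE_RE and the sample wording are assumptions), groups hits by source IP in a sliding window, and raises one alert per bursting source plus a separate alert when an EAAS failure is logged.

```python
"""Burst detector for the EAAS / MR PIM log indicators listed above.

Added example. The log layout, thresholds and sample lines are constructed
for illustration; adapt LINE_RE to the real ECE log format before use.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (hypothetical format): one Unified CCE peer at
# 10.20.30.5 behaving normally and an unexpected source at 192.0.2.77 sending
# malformed MR PIM messages until EAAS exits.
SAMPLE_LOG = """\
2024-11-06 10:00:01 INFO  EAAS: MR PIM connection established from 10.20.30.5
2024-11-06 10:00:07 ERROR EAAS: MR PIM error - malformed message from 192.0.2.77
2024-11-06 10:00:08 ERROR EAAS: connection reset by peer 192.0.2.77
2024-11-06 10:00:09 ERROR EAAS: MR PIM error - malformed message from 192.0.2.77
2024-11-06 10:00:11 ERROR EAAS: connection reset by peer 192.0.2.77
2024-11-06 10:00:12 ERROR EAAS: MR PIM error - malformed message from 192.0.2.77
2024-11-06 10:00:15 FATAL EAAS: EAAS failure - process exiting
2024-11-06 10:30:00 ERROR EAAS: connection reset by peer 10.20.30.5
"""

# Assumed line layout: "<date> <time> <LEVEL> <component>: <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) +(?P<level>\w+) +"
    r"(?P<comp>\w+): (?P<msg>.*)$"
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# The same three indicator strings the SIEM query above searches for.
INDICATORS = ("EAAS failure", "MR PIM error", "connection reset")


def parse(text):
    """Return (timestamp, indicator, source_ip_or_None) for each matching line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        hit = next((i for i in INDICATORS if i.lower() in msg.lower()), None)
        if hit is None:
            continue  # informational line, not an indicator
        ip_match = IP_RE.search(msg)
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, hit, ip_match.group(1) if ip_match else None))
    return events


def detect_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Flag any source that produces >= threshold MR PIM / reset indicators
    within `window`, once per source, and flag every EAAS failure on its own
    (a single crash is significant regardless of rate)."""
    alerts = []
    recent = defaultdict(deque)  # source ip -> timestamps inside the window
    flagged = set()
    for ts, hit, ip in events:
        if hit == "EAAS failure":
            alerts.append({"kind": "eaas_crash", "ts": ts})
            continue
        key = ip or "unknown"
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:  # slide the window forward
            q.popleft()
        if len(q) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append({"kind": "mr_pim_burst", "source": key,
                           "count": len(q), "first": q[0], "last": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse(SAMPLE_LOG)):
        print(alert)
```

On the sample data the detector reports a burst from 192.0.2.77 (three indicators inside nine seconds) before the EAAS crash line, while the single late reset from the legitimate peer stays below the threshold. Tune `window` and `threshold` against a baseline of normal MR PIM reconnects from your CCE hosts so that routine failovers do not page anyone.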