Cisco Unified Intelligent Contact Management: Remote Code Execution Vulnerability

Users of Cisco Unified Intelligent Contact Management, please be advised that a remote code execution vulnerability has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (

ZDI-10-234: [ZDI-10-234] Cisco ICM Setup Manager Agent.exe HandleQueryNodeInfoReq Remote Code Execution Vulnerab

— Affected Products:
Cisco Unified Intelligent Contact Management
— Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Cisco ICM. Authentication is not required to
exploit this vulnerability.

The flaw exists within the Agent.exe component which listens by default
on TCP port 40078. When handling the HandleQueryNodeInfoReq packet type
the process blindly copies user-supplied data into a fixed-length stack
buffer. A remote attacker can abuse this to execute arbitrary code under
the context of the SYSTEM user.
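
The defect class described above, shown from the fix side: an added example, not code from Cisco or the advisory, of a handler that validates a length-prefixed field before copying it into a fixed-length stack buffer. The field layout, buffer size, function names and sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NODE_NAME_MAX 64            /* assumed size of the fixed stack buffer */
enum { ERR_TRUNCATED = -1, ERR_TOO_LONG = -2 };

/* Assumed field layout (NOT the real wire format):
 * [2-byte big-endian length][length bytes of name].
 * Returns the name length, or a negative error without touching dst. */
static int copy_node_name(const uint8_t *pkt, size_t pkt_len,
                          char *dst, size_t dst_size)
{
    if (pkt_len < 2)
        return ERR_TRUNCATED;               /* no room for the length prefix */
    size_t field_len = ((size_t)pkt[0] << 8) | pkt[1];
    if (field_len > pkt_len - 2)
        return ERR_TRUNCATED;               /* sender claims more than it sent */
    if (field_len >= dst_size)
        return ERR_TOO_LONG;                /* would overrun dst (incl. NUL) */
    memcpy(dst, pkt + 2, field_len);
    dst[field_len] = '\0';
    return (int)field_len;
}

/* Hypothetical handler: the bounded copy replaces an unchecked copy. */
int handle_query_node_info(const uint8_t *pkt, size_t pkt_len)
{
    char node_name[NODE_NAME_MAX];
    int n = copy_node_name(pkt, pkt_len, node_name, sizeof node_name);
    if (n < 0)
        return n;                           /* reject; do not truncate */
    /* ... node_name would be looked up here ... */
    return n;
}

/* Constructed sample inputs. */
static const uint8_t sample_ok[]    = { 0x00, 0x05, 'n', 'o', 'd', 'e', '1' };
static const uint8_t sample_short[] = { 0x00, 0x10, 'A' };  /* claims 16, has 1 */
static const uint8_t sample_big[2 + 200] = { 0x00, 0xC8 };  /* 200-byte name */
static const uint8_t sample_edge[2 + 64] = { 0x00, 0x40 };  /* == NODE_NAME_MAX */

int main(void)
{
    printf("%d %d %d %d\n",
           handle_query_node_info(sample_ok, sizeof sample_ok),
           handle_query_node_info(sample_short, sizeof sample_short),
           handle_query_node_info(sample_big, sizeof sample_big),
           handle_query_node_info(sample_edge, sizeof sample_edge));
    return 0;
}
```

The two checks are independent: the first compares the claimed length with the bytes actually received, the second compares it with the destination size, and a name of exactly `NODE_NAME_MAX` bytes is rejected because the terminator would not fit.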