Cisco Unified Intelligent Contact Management: Remote Code Execution Vulnerability

Users of Cisco Unified Intelligent Contact Management, please be advised that a Remote Code Execution vulnerability has been identified.
To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch.

ZDI-10-233: Cisco ICM Setup Manager Agent.exe AgentUpgrade Remote Code Execution Vulnerability

— Affected Products:
Cisco Unified Intelligent Contact Management
— Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Cisco Unified ICM. Authentication is not
required to exploit this vulnerability.

The flaw exists within the Agent.exe component, which listens by default
on TCP port 40078. When handling the AgentUpgrade packet type, the
process blindly copies user-supplied data to a fixed-length stack
buffer. A remote attacker can abuse this to execute arbitrary code under
the context of the SYSTEM user.
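
The class of bug described above, shown as an added example that is not code from the advisory or from Cisco: a handler that trusts a length field from the packet, next to a form that checks it before copying. The packet layout (2-byte type, 2-byte big-endian length, payload), the function names and the 64-byte buffer size are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout, NOT Cisco's wire format: a 4-byte header
 * (2-byte type, 2-byte big-endian payload length), then the payload. */
#define HDR_LEN      4u
#define UPGRADE_MAX  64u   /* size of the fixed stack buffer (assumed) */

enum parse_result { PKT_OK = 0, PKT_TRUNCATED = -1, PKT_TOO_LONG = -2 };

/* Flawed pattern from the advisory: the length comes from the packet
 * and is trusted, so memcpy can run past the end of `name`.
 * Shown for contrast only; never call it on untrusted input. */
int handle_upgrade_unchecked(const uint8_t *pkt, size_t pkt_len) {
    char name[UPGRADE_MAX];
    size_t claimed = ((size_t)pkt[2] << 8) | pkt[3];
    (void)pkt_len;                          /* received size is ignored */
    memcpy(name, pkt + HDR_LEN, claimed);   /* no bound check */
    return name[0] != '\0';
}

/* Hardened form: check the claimed length against both the bytes
 * actually received and the destination size before copying. */
int handle_upgrade_checked(const uint8_t *pkt, size_t pkt_len,
                           char *out, size_t out_len) {
    char name[UPGRADE_MAX];
    if (pkt == NULL || pkt_len < HDR_LEN)
        return PKT_TRUNCATED;
    size_t claimed = ((size_t)pkt[2] << 8) | pkt[3];
    if (claimed > pkt_len - HDR_LEN)
        return PKT_TRUNCATED;               /* header overstates the size */
    if (claimed >= sizeof name)
        return PKT_TOO_LONG;                /* leave room for the NUL */
    memcpy(name, pkt + HDR_LEN, claimed);
    name[claimed] = '\0';
    if (out != NULL && out_len > claimed)
        memcpy(out, name, claimed + 1);     /* hand back the bounded copy */
    return PKT_OK;
}
```

Both checks matter: the first rejects a header that claims more bytes than arrived, the second rejects a payload that is genuinely present but larger than the destination.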