Cisco Unity Connection Vulnerability Allows Unauthorized File Upload and Command Execution
CVE-2024-20272

9.8 CRITICAL

Key Information:

Vendor: Cisco
CVE Published: 17 January 2024

Badges

📰 News Worthy

Summary

A vulnerability exists in the web-based management interface of Cisco Unity Connection, allowing remote attackers without authentication to upload arbitrary files to the system. This issue arises due to inadequate authentication on a specific API and improper validation of user-supplied data. By exploiting this vulnerability, an attacker can upload malicious files to the system, potentially executing arbitrary commands on the operating system and gaining elevated privileges. Organizations using affected versions of Cisco Unity Connection must take proactive measures to secure their systems against such risks.

Affected Version(s)

Cisco Unity Connection 12.0(1)SU1

Cisco Unity Connection 12.0(1)SU2

Cisco Unity Connection 12.0(1)SU3

News Articles

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world

1 year ago

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) - Help Net Security

Cisco has fixed a critical unauthenticated arbitrary file upload vulnerability (CVE-2024-20272) affecting Cisco Unity Connection.

1 year ago

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Cisco patches a serious flaw in Unity Connection (CVE-2024-20272, CVSS 7.3). Don't let attackers compromise your system

1 year ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • 📰 First article discovered by Help Net Security

  • Vulnerability Reserved
