Critical Cisco Unity Connection Flaw Let Attackers Run Command

A critical vulnerability of severe severity has been found in Cisco Unity Connection's web-based management interface.
This flaw might allow a remote, unauthenticated attacker to upload arbitrary files to a compromised system and run commands on the underlying operating system.
With its various message access choices, Cisco Unity Connection is a powerful unified messaging and voicemail solution that helps you collaborate more quickly.
Cisco has published software upgrades to address this critical vulnerability.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
With a CVSS score of 7.3, the Cisco unity connection unauthenticated arbitrary file upload vulnerability is tracked as CVE-2024-20272.
An attacker could exploit this vulnerability by uploading arbitrary files to a compromised system.
If the exploit is successful, the attacker might be able to run arbitrary operating system commands, store malicious files on the system, and gain root access.
The Product Security Incident Response Team at Cisco stated that the organization is unaware of any malicious use or public announcements about the vulnerability detailed in this warning.
This vulnerability impacts the Cisco Unity Connection.
Free software upgrades that fix the issue have been made available by Cisco.
It is recommended that users upgrade to the latest version to prevent this vulnerability from getting exploited.
Try Kelltron's cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems.


This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 11 Jan 2024 16:10:04 +0000


Cyber News related to Critical Cisco Unity Connection Flaw Let Attackers Run Command

Critical Cisco Unity Connection Flaw Let Attackers Run Command - A critical vulnerability of severe severity has been found in Cisco Unity Connection's web-based management interface. This flaw might allow a remote, unauthenticated attacker to upload arbitrary files to a compromised system and run commands on the ...
9 months ago Cybersecuritynews.com
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! - Cisco has fixed a critical vulnerability in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and voicemail ...
9 months ago Helpnetsecurity.com
Cisco says critical Unity Connection bug lets attackers get root - Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. Unity Connection is a fully virtualized messaging and voicemail solution for email inboxes, web ...
9 months ago Bleepingcomputer.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store-and they're included in the Pi Day Sale. If you are an active ...
7 months ago Feedpress.me
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
5 months ago Securityaffairs.com
What's Coming to Cisco Live Europe 2024 for the Data Center Developer? - In just a week or so, Cisco Live EMEA, 2024 will be ready to sizzle at the RAI Amsterdam. From a Cisco Cloud Networking standpoint, Cisco Nexus Dashboard, Cisco ACI, and Nexus 9000 Series switches are showing up in a big way. Read on to learn what ...
9 months ago Feedpress.me
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
5 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
5 months ago Securityaffairs.com
Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
7 months ago Feedpress.me
Embrace the Multicloud Era with Cisco Learning and Certifications at Cisco Live Amsterdam - It's time to come together with experts and thousands of your peers to connect, learn, and advance your career with the Learning & Certifications team at Cisco Live Amsterdam, February 5-9, 2024. Let's dive into how you can make the most of your ...
9 months ago Feedpress.me
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
4 months ago Securityaffairs.com
Cisco Patches Critical Vulnerability in Unity Connection Product - Cisco on Wednesday announced patches for a critical-severity vulnerability in the Unity Connection unified messaging and voicemail solution. The issue, tracked as CVE-2024-20272, can be exploited remotely, without authentication, to upload arbitrary ...
9 months ago Securityweek.com
Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
9 months ago Darkreading.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
4 months ago Crowdstrike.com
Join Customer Experience for Cisco Live EMEA Demos - In her blog, Countdown to Cisco Live EMEA, Adele Trombetta, SVP, Cisco Customer Experience EMEA, mentioned how excited she is for Cisco Live EMEA in just a little more than a week, and I agree. I want to go a little deeper and give you some more ...
9 months ago Feedpress.me
The power of community helps Cisco Insider Rob Taylor bring innovation to his customers. - Cisco's advocacy community, Cisco Insider Advocates, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in their field. Fate stepped in, ...
5 months ago Feedpress.me
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
10 months ago Techtarget.com
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
11 months ago Feedpress.me
Patch Now: Cisco Zero-Day Under Fire From Chinese APT - Cisco has patched a command-line injection flaw in a network management platform used to manage switches in data centers, which, according to researchers from Sygnia, already has been exploited by the China-backed threat group known as Velvet Ant. ...
4 months ago Darkreading.com
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
11 months ago Darkreading.com
Cisco patches IOS XE zero-days used to hack over 50,000 devices - Cisco has addressed the two vulnerabilities that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. The free software release comes after a threat actor leveraged the security issues as zero-days to compromise and ...
11 months ago Bleepingcomputer.com
Inspiring Innovation at Cisco Live Las Vegas 2024 - Being in the technology industry means we've all had a front-row seat to witness tectonic shifts such as the inception of the internet and now Cisco will impact that level of change again. To assist you in this journey at Cisco Live, and beyond, is ...
5 months ago Feedpress.me
From IT Pro to Swiftie, Scott Sardella's Winning Big with Cisco Insider Advocates - Cisco's advocacy community, Cisco Insider, brings our customers together and provides a way for them to make powerful connections, expand their professional and personal networks, and learn from top experts in the field. The support from Cisco TAC ...
5 months ago Feedpress.me
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)