A critical vulnerability of severe severity has been found in Cisco Unity Connection's web-based management interface.
This flaw might allow a remote, unauthenticated attacker to upload arbitrary files to a compromised system and run commands on the underlying operating system.
With its various message access choices, Cisco Unity Connection is a powerful unified messaging and voicemail solution that helps you collaborate more quickly.
Cisco has published software upgrades to address this critical vulnerability.
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month.
With a CVSS score of 7.3, the Cisco unity connection unauthenticated arbitrary file upload vulnerability is tracked as CVE-2024-20272.
An attacker could exploit this vulnerability by uploading arbitrary files to a compromised system.
If the exploit is successful, the attacker might be able to run arbitrary operating system commands, store malicious files on the system, and gain root access.
The Product Security Incident Response Team at Cisco stated that the organization is unaware of any malicious use or public announcements about the vulnerability detailed in this warning.
This vulnerability impacts the Cisco Unity Connection.
Free software upgrades that fix the issue have been made available by Cisco.
It is recommended that users upgrade to the latest version to prevent this vulnerability from getting exploited.
Try Kelltron's cost-effective penetration testing services for free to assess and evaluate the security posture of digital systems.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 11 Jan 2024 16:10:04 +0000