Cisco Unity Connection Security Advisory - 20240111002¶
Overview¶
Cisco has released a security advisory relating to an Unauthenticated Arbitrary File Upload vulnerability for their Cisco Unity Connection product.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
What is vulnerable?¶
| Product(s) Affected | Summary | Severity | CVSS |
|---|---|---|---|
| Cisco Unity Connection Releases: 12.5 and earlier, 14 and earlier | A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. | Medium | 7.3 |
What has been observed?¶
The Cisco Product Security Incident Response Team (PSIRT)is not aware of any public announcements or malicious use of the vulnerability.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):