Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

Unity Connection Software

Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system.

Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific API and improper validation of user-supplied data.

“An attacker could exploit this vulnerability by uploading arbitrary files to an affected system,” Cisco said in an advisory released Wednesday. “A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.”

The flaw impacts the following versions of Cisco Unity Connection. Version 15 is not vulnerable.

  • 12.5 and earlier (Fixed in version
  • 14 (Fixed in version

Security researcher Maxim Suslov has been credited with discovering and reporting the flaw. Cisco makes no mention of the bug being exploited in the wild, but it’s advised that users update to a fixed version to mitigate potential threats.

Alongside the patch for CVE-2024-20272, Cisco has also shipped updates to resolve 11 medium-severity vulnerabilities spanning its software, including Identity Services Engine, WAP371 Wireless Access Point, ThousandEyes Enterprise Agent, and TelePresence Management Suite (TMS).

Cisco, however, noted that it does not intend to release a fix for the command injection bug in WAP371 (CVE-2024-20287, CVSS score: 6.5), stating that the device has reached end-of-life (EoL) as of June 2019. It’s instead recommending customers migrate to the Cisco Business 240AC Access Point.

Original Source

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.