A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:LCisco Unity Connection
APPCisco< 12.5.1.19017-414.0 – 14.0.1.14006-5 (bez)
Powiązane podatności
RCE w produktach Cisco Unified Communications — eskalacja do root
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating Sy...
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Ses...
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, ...
A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenti...