Cisco has issued patches for a critical vulnerability in its Unity Connection unified messaging and voicemail solution.
The vulnerability, tracked as CVE-2024-20272, can be exploited remotely and without authentication to upload arbitrary files to an affected system, execute commands on the underlying operating system, and elevate privileges to root. It stems from a lack of authentication in a specific API combined with improper validation of user-supplied data. According to Cisco’s advisory, “an attacker could exploit this vulnerability by uploading arbitrary files.”
Cisco states that there are no workarounds that address this vulnerability. According to the company, there are no known instances of the vulnerability being exploited in the wild.