top of page
  • Clipeus

Cisco Unity Connection High-Severity Vulnerability



On 10 January 2024, Cisco fixed a high severity vulnerability (CVE-2024-20272, CVSS: 7.3) affecting specific versions of Cisco Unity Connection. Affected products and first fixed versions below:

Product and Version

First Fixed Release

Cisco Unity Connection 12.5

12.5.1.19017-4

Cisco Unity Connection 14

14.0.1.14006-5

Cisco Unity Connection 15

Not vulnerable


The vulnerability exists in a specific API of the web-based management interface which fails to properly validate user-supplied data, subsequently enabling unauthenticated upload of arbitrary files.


This vulnerability may lead to significant security ramifications as a potential attacker may exploit it to deliver malware or files to be used in a broader attack chain, alongside carrying out threats with potential to affect the confidentiality, integrity and/or availability of any data on the system.


It is important to note there is no workaround; remediation involves patching.

Comments


Commenting has been turned off.

If you are interested in specifics or additional insights on the threats above or any other threat, please visit our dedicated service page or reach out to info@clipeusintelligence.com with your inquiry. We would be glad to assist you

bottom of page