Cisco Unity Connection Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the web-based management interface of Cisco Unity Connection. This vulnerability allows an authenticated, remote attacker to execute arbitrary code on the affected device. The issue arises from inadequate validation of user-supplied input, enabling attackers to exploit it by sending crafted API requests. Successful exploitation could allow the attacker to execute code with root privileges, potentially leading to a complete compromise of the device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.

Impact

Exploitation of this vulnerability could result in arbitrary code execution on the affected device with root privileges, allowing for a complete compromise of the device.

Remediation

Cisco has released software updates to address this vulnerability. Users can upgrade to the fixed releases mentioned in the Cisco Security Advisory. For versions 15.0, a specific patch file is available.