Primary

Context

Cisco Unity Connection Open Redirect Vulnerability

Vulnerability

Patched

An open redirect vulnerability has been identified in the web-based management interface of Cisco Unity Connection. This vulnerability allows an unauthenticated, remote attacker to redirect a user to a malicious web page. The issue arises from improper input validation of HTTP request parameters. Exploitation of this vulnerability requires persuading a user to click a crafted link.

Impact

Exploitation of this vulnerability could lead to unauthorized redirection of users to malicious web pages.

Remediation

Cisco has released software updates to address this vulnerability. Users should upgrade to the fixed releases indicated in the Cisco Security Advisory cisco-sa-unity-vulns-n2EJSbbw.

Added: Apr 15, 2026, 6:00 PM

Updated: Apr 15, 2026, 6:00 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.2

exploitability

5.8

remediation

7.7

relevance

5.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

0.2

exploitability

5.8

remediation

7.7

relevance

5.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Unity Connection Open Redirect Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco Unity Connection

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating