Primary

Context

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Vulnerability

Patched

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. These vulnerabilities arise from improper input sanitization in the web-based management interface, enabling an attacker with valid administrative credentials to exploit the issue by sending a crafted HTTPS request.

Impact

Exploitation of these vulnerabilities could lead to unauthorized access to sensitive files on the affected system.

Remediation

Cisco has released software updates to address these vulnerabilities. Users should upgrade to version 14SU6 or 15SU4, depending on their current release. For those on version 12.5 or earlier, a migration to a fixed release is recommended.

Added: Apr 15, 2026, 5:57 PM

Updated: Apr 15, 2026, 5:57 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.4

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

4.4

remediation

7.7

relevance

6.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Unity Connection Arbitrary File Download Vulnerabilities

Vulnerability

Impact

Remediation

Affected Products

Cisco Unity Connection

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating