HomeVulnerabilityCisco Fixes Excessive-Threat Vulnerability Impacting Unity Connection Software program

Cisco Fixes Excessive-Threat Vulnerability Impacting Unity Connection Software program

Cisco has launched software program updates to handle a important security flaw impacting Unity Connection that might allow an adversary to execute arbitrary instructions on the underlying system.

Tracked as CVE-2024-20272 (CVSS rating: 7.3), the vulnerability is an arbitrary file add bug residing within the web-based administration interface and is the results of a scarcity of authentication in a particular API and improper validation of user-supplied knowledge.

“An attacker may exploit this vulnerability by importing arbitrary information to an affected system,” Cisco stated in an advisory launched Wednesday. “A profitable exploit may enable the attacker to retailer malicious information on the system, execute arbitrary instructions on the working system, and elevate privileges to root.”

The flaw impacts the next variations of Cisco Unity Connection. Model 15 shouldn’t be susceptible.

  • 12.5 and earlier (Fastened in model 12.5.1.19017-4)
  • 14 (Fastened in model 14.0.1.14006-5)

Safety researcher Maxim Suslov has been credited with discovering and reporting the flaw. Cisco makes no point out of the bug being exploited within the wild, nevertheless it’s suggested that customers replace to a hard and fast model to mitigate potential threats.

See also  CISA Warns of Actively Exploited Apache Flink Safety Vulnerability

Alongside the patch for CVE-2024-20272, Cisco has additionally shipped updates to resolve 11 medium-severity vulnerabilities spanning its software program, together with Id Providers Engine, WAP371 Wi-fi Entry Level, ThousandEyes Enterprise Agent, and TelePresence Administration Suite (TMS).

Cisco, nevertheless, famous that it doesn’t intend to launch a repair for the command injection bug in WAP371 (CVE-2024-20287, CVSS rating: 6.5), stating that the system has reached end-of-life (EoL) as of June 2019. It is as an alternative recommending prospects migrate to the Cisco Enterprise 240AC Entry Level.

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular