QID 316922
Date Published: 2021-04-15
QID 316922: Cisco Unified Communications Products Remote Code Execution Vulnerability (cisco-sa-cucm-rce-pqVYwyb)
A vulnerability in the SOAP API endpoint of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM Presence Service, Cisco Unity Connection, and Cisco Prime License Manager could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
Affected Products
The following Cisco products are affected if they are running a vulnerable software release:
- Unified Communications Manager (Unified CM)
- Unified Communications Manager Session Management Edition (Unified CM SME)
- Unified Communications Manager IM Presence Service (Unified CM IMP)
- Unity Connection
- Prime License Manager
QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications product version retrieved via Unix Auth using the "Active Master Version:" command.
A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.
Customers are advised to refer to cisco-sa-cucm-rce-pqVYwyb for more information.
- cisco-sa-cucm-rce-pqVYwyb - tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-pqVYwyb
CVEs related to QID 316922
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-cucm-rce-pqVYwyb | | | |