QID 317407

Date Published: 2024-01-11

QID 317407: Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability (cisco-sa-cuc-unauth-afu-FROYsCsD)

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system.

Affected Product:
Cisco Unity Connection prior to 12.5.1.19017-4
Cisco Unity Connection from 14 and prior to 14.0.1.14006-5

QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications Manager version retrieved via Unix Auth using the "show cuc version" command.

A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.

  • CVSS V3 rated as High - 7.3 severity.
  • CVSS V2 rated as High - 6.8 severity.

Solution:
Cisco has released an advisory detailing various solutions available to fix this issue. Refer to Cisco Security Advisory cisco-sa-cuc-unauth-afu-FROYsCsD for additional information on obtaining the fixes.

CVEs related to QID 317407

Software Advisories:
Advisory ID: cisco-sa-cuc-unauth-afu-FROYsCsD
Link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD