Critical bug CVE-2024-20272 in Unity Connection allows root access without a password

Brother

Cisco gave hackers free access to users' devices.

Cisco has fixed a critical vulnerability in Unity Connection that allows an unauthenticated attacker to remotely gain root privileges on unpatched devices. Unity Connection is a messaging platform and voicemail system that is part of the Cisco Unified Communications product suite.

CVE-2024-20272 (CVSS score: 7.3) stems from a missing authentication check in a specific API and improper validation of user-supplied data. The bug was found in the Unity Connection web management interface and lets an attacker execute commands on the underlying operating system, download and store arbitrary files on the target system, and escalate privileges to root.

The vulnerability affects the following versions of Cisco Unity Connection:
  • 12.5 and earlier versions (fixed in version 12.5.1.19017-4);
  • 14 (fixed in version 14.0.1.14006-5).
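A quick check of an installed Unity Connection build against the fixed versions listed above. This is an added example, not Cisco's tooling; the version-string format (e.g. "12.5.1.19017-4") is assumed from the strings quoted in the post, and release trains the post does not mention are reported as unknown rather than guessed.

```python
"""Compare a Cisco Unity Connection version string with the fixed builds
named for CVE-2024-20272 in the post above.  Added example, not Cisco's
own code; the "a.b.c.d-e" version format is assumed from the post."""
import re

# Fixed builds exactly as quoted in the post, keyed by release train.
FIXED = {
    "12.5-and-earlier": (12, 5, 1, 19017, 4),   # fix for 12.5 and earlier
    "14": (14, 0, 1, 14006, 5),                 # fix for the 14 train
}


def parse_version(text):
    """'12.5.1.19017-4' -> (12, 5, 1, 19017, 4).

    Missing dotted fields and a missing '-N' build suffix pad with 0 so
    that a short string such as '12.5' still compares sensibly."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4]) + (int(m.group(2) or 0),)


def assess(text):
    """Return 'affected', 'fixed' or 'unknown' for one installed version.

    'unknown' covers trains the post does not list (e.g. 15), which this
    check deliberately does not guess about."""
    v = parse_version(text)
    if v[0] < 12 or (v[0] == 12 and v[1] <= 5):
        fixed = FIXED["12.5-and-earlier"]
    elif v[0] == 14:
        fixed = FIXED["14"]
    else:
        return "unknown"
    # Tuple comparison is lexicographic, so the '-N' build suffix is the
    # tie-breaker when the dotted part is equal.
    return "fixed" if v >= fixed else "affected"


if __name__ == "__main__":
    # Constructed sample inventory; the build numbers below are made up
    # except for the two fixed builds quoted in the post.
    for host, ver in [("ucxn-a", "12.5.1.18119-2"), ("ucxn-b", "12.5.1.19017-4"),
                      ("ucxn-c", "14.0.1.14006-4"), ("ucxn-d", "15.0.1.11001-1")]:
        print(f"{host}: {ver} -> {assess(ver)}")
```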

The Cisco Product Security Incident Response Team (PSIRT) said that the company has no evidence of the vulnerability being exploited in the wild, but recommends that users upgrade to a fixed version to mitigate potential threats.