Cisco Unity critical vulnerability
Summary
Cisco has patched a critical vulnerability in its Unity product. The vulnerability allows unauthorized attackers to remotely gain root privileges on unpatched devices. At the time of writing, Cisco has confirmed that it is not being exploited in the wild.
CVE-2024-20272 (CVSS 3.1: 7.3): located in the web-based management interface. The vulnerability allows attackers to execute commands by uploading arbitrary files and to elevate privileges to root.
Affected products
Version 12.5 and earlier versions
Version 14
Security recommendations
Cisco recommends updating to version:
- 5.1.19017-4
- 0.1.14006-5
- Version 15 is not vulnerable