Multiple Vulnerabilities in Cisco Unity Connection

2012-02-29T16:00:00
ID CISCO-SA-20120229-CUC
Type cisco
Reporter Cisco
Modified 2012-04-02T14:16:01

Description

Cisco Unity Connection contains a vulnerability that may allow an authenticated, remote attacker with the privileges of the Help Desk Administrator role to elevate privileges and obtain full access to the affected system.

The vulnerability is due to improper privilege assignment and validation of the "Help Desk Administrator" role. An attacker could exploit this vulnerability by logging in to the system as the Help Desk Administrator user and changing the password for the administrative user.
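The flaw class described above, as an added example that is not Cisco code and not part of the original advisory: a password-reset handler that checks only the actor's role, beside one that also validates the target account. The `Account` model, the numeric ranks and every role name other than "Help Desk Administrator" are assumptions made for illustration.

```python
# Illustrative model only: not Cisco Unity Connection code. Role names other
# than "Help Desk Administrator" and the numeric ranks are assumptions.
from dataclasses import dataclass

ROLE_RANK = {
    "User": 0,
    "Help Desk Administrator": 1,
    "System Administrator": 2,  # hypothetical name for the full-access role
}
# Roles allowed to use the administrative password-reset function at all.
CAN_RESET_PASSWORDS = {"Help Desk Administrator", "System Administrator"}


@dataclass
class Account:
    name: str
    role: str
    password_hash: str = "unset"


def reset_password_flawed(actor: Account, target: Account, new_hash: str) -> bool:
    """Checks only that the actor holds a reset-capable role."""
    if actor.role not in CAN_RESET_PASSWORDS:
        return False
    # Missing: any validation of who the target is.
    target.password_hash = new_hash
    return True


def reset_password_checked(actor: Account, target: Account, new_hash: str) -> bool:
    """Also validates the target: a delegated role may reset only accounts
    ranked strictly below it, or its own password."""
    if actor.role not in CAN_RESET_PASSWORDS:
        return False
    if target is not actor:
        # Fail closed: an unknown target role is treated as out of reach.
        target_rank = ROLE_RANK.get(target.role)
        if target_rank is None or target_rank >= ROLE_RANK[actor.role]:
            return False
    target.password_hash = new_hash
    return True
```
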

Cisco Unity Connection contains a vulnerability that may allow an unauthenticated, remote attacker to cause system services to terminate unexpectedly, which may result in a denial of service.

The vulnerability is due to improper handling of TCP segments. An attacker could exploit this vulnerability by sending a sequence of TCP segments to the affected system.