CVE-2024-20272

🗓️ 17 Jan 2024 16:54:49Reported by ciscoType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 154 Views

Vulnerability in Cisco Unity Connection web-based management interface enables arbitrary file upload and command execution. Lack of authentication in API and improper data validation.

Reporter	Title	Published	Views	Family All 16
Circl	CVE-2024-20272	11 Jan 202405:58	–	circl
CISA	Cisco Releases Security Advisory for Cisco Unity Connection	11 Jan 202412:00	–	cisa
Cisco	Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability	10 Jan 202416:00	–	cisco
Tenable Nessus	Cisco Unity Connection Arbitrary File Upload (cisco-sa-cuc-unauth-afu-FROYsCsD)	2 Feb 202400:00	–	nessus
CNNVD	Cisco Unity Connection 安全漏洞	11 Jan 202400:00	–	cnnvd
CNVD	Cisco Unity Connection Arbitrary File Upload Vulnerability	16 Jan 202400:00	–	cnvd
Cvelist	CVE-2024-20272	17 Jan 202416:54	–	cvelist
EUVD	EUVD-2024-17987	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Cisco products	11 Jan 202400:00	–	ncsc
NVD	CVE-2024-20272	17 Jan 202417:15	–	nvd

NVD

Node

cisco unity_connectionRange<12.5.1.19017-4

cisco unity_connectionRange14.0–14.0.1.14006-5

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unity Connection",
    "versions": [
      {
        "version": "12.0(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU4",
        "status": "affected"
      },
      {
        "version": "12.0(1)SU5",
        "status": "affected"
      },
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU2",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU3",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU4",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU5",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU6",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU7",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU8",
        "status": "affected"
      },
      {
        "version": "12.5(1)SU8a",
        "status": "affected"
      },
      {
        "version": "14",
        "status": "affected"
      },
      {
        "version": "14SU1",
        "status": "affected"
      },
      {
        "version": "14SU2",
        "status": "affected"
      },
      {
        "version": "14SU3",
        "status": "affected"
      },
      {
        "version": "14SU3a",
        "status": "affected"
      }
    ]
  }
]