Lucene search
K

Cisco Unity Connection Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)

🗓️ 22 Jan 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 6 Views

Cisco Unity Connection is vulnerable to unauthenticated remote code execution through web requests.

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(295030);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/02");

  script_cve_id("CVE-2026-20045");
  script_xref(name:"CISCO-BUG-ID", value:"CSCwr29208");
  script_xref(name:"CISCO-SA", value:"cisco-sa-voice-rce-mORhqY4b");
  script_xref(name:"IAVA", value:"2026-A-0082");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/02/11");

  script_name(english:"Cisco Unity Connection Remote Code Execution (cisco-sa-voice-rce-mORhqY4b)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"According to its self-reported version, Cisco Unity Connection is affected by a remote code execution vulnerability:

  - A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session
    Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P),
    Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker
    to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to
    improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending
    a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful
    exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate
    privileges to root. (CVE-2026-20045)

Please see the included Cisco BID and Cisco Security Advisory for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3417e480");
  script_set_attribute(attribute:"see_also", value:"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwr29208");
  script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant fixed version referenced in Cisco bug ID CSCwr29208");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-20045");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/01/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/22");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:cisco:unity_connection");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CISCO");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("cisco_uc_version.nasl");
  script_require_keys("installed_sw/Cisco VOSS Unity");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Cisco VOSS Unity');

var version_active = get_kb_item('Host/Cisco/show_version_active');
if ('CSCwr29208' >< version_active)
  audit(AUDIT_HOST_NOT, 'affected due to an installed security patch');

var constraints = [
  { 'min_version':'12.5', 'max_version':'12.9999', 'fixed_display':'14SU5 or 15SU4' },
  { 'min_version':'14.0', 'fixed_version':'14.0.1.15900.25', 'fixed_display':'14.0.1.15900.25 (14SU5)' },
  { 'min_version':'15.0', 'fixed_version':'15.0.1.14900', 'fixed_display':'15.0.1.14900 (15SU4)' }
];

vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Feb 2026 00:00Current
7.1High risk
Vulners AI Score7.1
CVSS 3.18.2 - 9.8
EPSS0.04307
SSVC
6