424 matches found
Cross site scripting
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...
CVE-2024-20305
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...
CVE-2024-20305
Cisco Unity Connection's web-based management interface is affected by an XSS vulnerability due to improper input validation. An authenticated, remote attacker could lure a user into clicking a crafted link, enabling arbitrary script execution in the user’s browser context or access to sensitive ...
CVE-2024-20305
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...
Cisco Unity Connection 安全漏洞
Cisco Unity Connection UC is a set of voice messaging platforms from the U.S. company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. Cisco Unity Connection suffers from a cross-site scripting vulnerability that stems from the web-based...
The vulnerabilities of Cisco Packaged Contact Center Enterprise, Unified Communications Manager, Unified Communications Manager IM & Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Enterprise, Unified Contact Center Express, Unity Connection, and Virtualized Voice Browser involve defects in the deserialization mechanism, allowing attackers to execute arbitrary code.
The vulnerabilities of Cisco Packaged Contact Center Enterprise, Unified Communications Manager, Unified Communications Manager IM & Presence Service, Unified Communications Manager Session Management Edition, Unified Contact Center Enterprise, Unified Contact Center Express, Unity Connection, an...
Cisco Unity Connection RCE (cisco-sa-cucm-rce-bWNzQcUm)
According to its self-reported version, Cisco Unity Connection running on the report host is affected by a remote code execution RCE vulnerability. Due to improper processing of user-provided data that is being read into memory, an unauthenticated, remote, attacker can execute arbitrary code with...
Cisco Unity Connection Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly valida...
PT-2024-1296 · Cisco · Cisco Unity Connection
Name of the Vulnerable Software and Affected Versions: Cisco Unity Connection affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack...
CVE-2024-20272
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...
CVE-2024-20272
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...
Input validation
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...
CVE-2024-20272
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...
CVE-2024-20272
CVE-2024-20272 affects Cisco Unity Connection. An unauthenticated attacker can exploit a lack of authentication in a specific API and improper validation to upload arbitrary files, potentially storing malicious files, executing commands on the underlying OS, and elevating privileges to root. Cisc...
CVE-2024-20272
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a...
Cisco Unity Connection Arbitrary File Upload Vulnerability
Cisco Unity Connection UC is a set of voice messaging platforms from the American company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. Cisco Unity Connection suffers from an arbitrary file upload vulnerability that stems from the application's...
Cisco Releases Security Advisory for Cisco Unity Connection
Cisco released a security advisory to address a vulnerability CVE-2024-20272 in Cisco Unity Connection. A cyber threat actor could exploit this vulnerability to take control of an affected system. CISA encourages users and administrators to review the Cisco Unity Connection Unauthenticated...
Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software
Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary commands on the underlying system. Tracked as CVE-2024-20272 CVSS score: 7.3, the vulnerability is an arbitrary file upload bug residing in the...
Cisco Unity Connection 安全漏洞
Cisco Unity Connection UC is a set of voice messaging platforms from the American company Cisco Cisco. The platform can use voice commands to make calls or listen to messages hands-free. Cisco Unity Connection suffers from an arbitrary file upload vulnerability that stems from the application's...
The vulnerability in the Web interface of the Cisco Unity Connection system allows a perpetrator to execute arbitrary commands with root privileges.
The vulnerability of the Cisco Unity Connection messaging system’s web management interface is related to the lack of authentication in the application programming interface. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges by loading...