Lucene search
+L
CiscoUnity Connection14su2

8 matches found

CVE
CVE
added 2023/08/30 4:18 p.m.92 views

CVE-2023-20266

CVE-2023-20266 affects Cisco Emergency Responder, Unified CM, Unified CM SME, and Cisco Unity Connection. The issue stems from improper restrictions on upgrade files, where a crafted upgrade package could enable an authenticated attacker with platform administrator credentials to elevate privileg...

7.2CVSS6.8AI score0.00364EPSS
CVE
CVE
added 2026/04/15 4:11 p.m.31 views

CVE-2026-20061

Cisco Unity Connection exposes a SQL injection vulnerability in its web-based management interface. The issue arises from insufficient validation of user-supplied input, allowing an authenticated, remote attacker with valid credentials to submit crafted HTTP(S) requests to view data on the device...

6.5CVSS6AI score0.00228EPSS
CVE
CVE
added 2026/05/06 4:16 p.m.30 views

CVE-2026-20034

Cisco Unity Connection’s web-based management interface is affected by a vulnerability where insufficient validation of user-supplied input enables an authenticated attacker, with valid credentials, to submit a crafted API request and execute arbitrary code as root. The impact is potentially comp...

8.8CVSS6.3AI score0.00712EPSS
CVE
CVE
added 2026/04/15 4:11 p.m.22 views

CVE-2026-20059

Cisco Unity Connection’s web-based management interface is affected by a reflected XSS vulnerability (CVE-2026-20059). An unauthenticated, remote attacker can lure a user to click a crafted link, exploiting insufficient input validation to execute arbitrary script in the user’s browser or access ...

6.1CVSS6.1AI score0.00193EPSS
CVE
CVE
added 2026/05/06 4:15 p.m.20 views

CVE-2026-20035

Cisco Unity Connection Web Inbox SSRF: unauthenticated attacker can cause the affected device to issue arbitrary network requests via crafted HTTP requests due to improper input validation. Affected component is the web UI; CVSS 3.1 base score 7.2 (NETWORK, HIGH). Exploitation status and remediat...

7.2CVSS6AI score0.00304EPSS
CVE
CVE
added 2026/04/15 4:3 p.m.20 views

CVE-2026-20078

Product/affected component: Cisco Unity Connection (web-based management interface). Vulnerability: Multiple input sanitization failures allow an authenticated, remote attacker to download arbitrary files from the affected system. Prerequisites: Valid administrative credentials. Attack vector: Ne...

6.5CVSS6AI score0.00388EPSS
CVE
CVE
added 2026/04/15 4:11 p.m.18 views

CVE-2026-20060

CVE-2026-20060 affects Cisco Unity Connection’s web-based management interface. It is a open-redirect vulnerability caused by improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and be redirected to a malici...

4.7CVSS5.8AI score0.00202EPSS
CVE
CVE
added 2026/04/15 4:3 p.m.16 views

CVE-2026-20081

Cisco Unity Connection is affected by CVE-2026-20081, which involves multiple vulnerabilities caused by improper sanitization of user input in the web-based management interface. An authenticated attacker with valid administrative credentials can trigger a crafted HTTPS request to download arbitr...

6.5CVSS6AI score0.00388EPSS