Cisco fixes high-risk vulnerability affecting Unity Connection software – HacksByte

Cisco has released a software update to address a critical security flaw affecting Unity Connection that could allow an adversary to execute arbitrary commands on the underlying system.

Tracked as CVE-2024-20272 (CVSS score: 7.3), the vulnerability is an arbitrary file upload bug residing in the web-based management interface and is the result of a lack of authentication in a specific API and improper validation of user-supplied data.

“An attacker could exploit this vulnerability by uploading arbitrary files to an affected system,” Cisco said in an advisory issued Wednesday. “A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and escalate privileges to root.”

This flaw affects the following versions of Cisco Unity Connection. Version 15 is not vulnerable.

  • 12.5 and earlier (Fixed in version 12.5.1.19017-4)
  • 14 (Fixed in version 14.0.1.14006-5)
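
An inventory check built on the fixed releases listed above. It is an added example, not Cisco's or the site's code. It assumes version strings follow the same `a.b.c.build-rev` shape as the fixed releases and can be compared field by field as numbers; the hostnames and builds in the sample are constructed.

```python
import re

# Fixed releases quoted in the article, split into numeric fields.
FIXED_12_5 = (12, 5, 1, 19017, 4)
FIXED_14 = (14, 0, 1, 14006, 5)
# Assumption: versions look like the fixed releases above (a.b.c.build-rev).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)")


def parse_version(text):
    """Turn '12.5.1.19017-4' into (12, 5, 1, 19017, 4); None if malformed."""
    match = VERSION_RE.fullmatch(text.strip())
    return tuple(int(part) for part in match.groups()) if match else None


def assess(text):
    """Return (status, release_to_install_or_None) for one version string."""
    version = parse_version(text)
    if version is None:
        return ("unparseable", None)
    major = version[0]
    if major >= 15:                      # article: version 15 is not vulnerable
        return ("not affected", None)
    if major == 14:
        if version < FIXED_14:
            return ("vulnerable", "14.0.1.14006-5")
        return ("fixed", None)
    if version[:2] <= (12, 5):           # the "12.5 and earlier" train
        if version < FIXED_12_5:
            return ("vulnerable", "12.5.1.19017-4")
        return ("fixed", None)
    return ("unknown train", None)       # not covered by the article


def triage(inventory):
    """Map each host in {host: version} to its assess() result."""
    return {host: assess(version) for host, version in inventory.items()}


# Constructed sample inventory: hostnames and builds are made up.
SAMPLE = {
    "cuc-01.example.internal": "12.5.1.17900-64",
    "cuc-02.example.internal": "14.0.1.14006-5",
    "cuc-03.example.internal": "15.0.1.10000-32",
    "cuc-04.example.internal": "14.0.1-SU3",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(host, *result)
```

Hosts reported as `unparseable` or `unknown train` need a manual look rather than being treated as safe.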

Security researcher Maxim Suslov has been credited with discovering and reporting the flaw. Cisco makes no mention of the bug being exploited in the wild, but recommends that users update to a fixed version to mitigate potential threats.

Along with the patch for CVE-2024-20272, Cisco also shipped updates to resolve 11 medium-severity vulnerabilities spanning its software, including the Identity Services Engine, WAP371 Wireless Access Point, ThousandEyes Enterprise Agent, and TelePresence Management Suite (TMS).

Cisco, however, noted that it does not intend to release a fix for the command injection bug in WAP371 (CVE-2024-20287, CVSS score: 6.5), stating that the device has reached end-of-life (EoL) as of June 2019. It’s instead recommending customers migrate to the Cisco Business 240AC Access Point.
