Cisco has resolved a high-severity security vulnerability in Unity Connection that opens the door for unauthenticated attackers to upload malicious files, execute arbitrary commands, and gain root privileges on affected devices.
Details of the Cisco Unity Connection Vulnerability (CVE-2024-20272)
Tracked as CVE-2024-20272, the vulnerability holds a CVSS score of 7.3, although it is categorized with critical severity by Cisco. Importantly, it is non-local, necessitating neither authentication nor privileges, nor user interaction.
Cisco’s advisory attributes the vulnerability to a lack of authentication in a specific API and improper validation of user-supplied data. It affects specifically the web-based management interface of Cisco Unity Connection – a messaging and voicemail system – and poses a significant security threat.
Exploiting CVE-2024-20272 involves the attacker uploading arbitrary files to the targeted system. A successful exploit grants the ability to store malicious files, execute arbitrary commands on the operating system, and escalate privileges to root.
While primarily labeled as an arbitrary file upload vulnerability, its potential for privilege escalation adds significant concern. In our review of CISA’s KEV Catalog for 2023, we highlighted privilege escalation as the most exploited vulnerability type, followed by code execution and command injection vulnerabilities. This indicates a rising trend in the exploitation of such vulnerabilities, and underscores the pressing need to fortify our defenses accordingly.
Are There Any Reports of Exploitation?
As of now, Cisco PSIRT is not aware of any instances of exploitation. For further information, refer to the official advisory for CVE-2024-20272.
What Are the Affected Cisco Unity Connection Versions? How to Secure Against Exploitation?
Cisco promptly addressed the security concern by releasing patches tailored to the affected Unity Connection versions; there are no workarounds available, making the installation of security patches essential for averting potential exploitation.
Here are the fixed versions for Cisco Unity Connection:
For releases 12.5 and earlier → 12.5.1.19017-41
For release 14 → 14.0.1.14006-51
Cisco states that Unity Connection release 15 is unaffected by the identified vulnerability, CVE-2024-20272.
How Can SOCRadar Help?
SOCRadar offers robust support to fortify your cybersecurity posture through its XTI platform. Attack Surface Management (ASM) module meticulously monitors and analyzes potential exposure points in your digital infrastructure. By providing real-time insights into their attack surface and emerging vulnerabilities, ASM enables organizations to proactively identify and mitigate potential threats.
SOCRadar Attack Surface Management
In addition, SOCRadar delivers comprehensive Vulnerability Intelligence, supplying the latest updates on known vulnerabilities, associated exploits, repositories, and emerging hacker trends. This valuable resource equips organizations with the critical information needed to stay ahead of potential threats and bolster their vulnerability management strategies.
SOCRadar Vulnerability Intelligence
Unlock the full capabilities of SOCRadar XTI by signing up for a free edition.
The post High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272) appeared first on SOCRadar® Cyber Intelligence Inc..
Article Link: High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272)