Cisco has recently addressed a critical security flaw in its Unity Connection. Unity Connection is a fully virtualized messaging and voicemail solution designed for various platforms, including email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, and tablets. The vulnerability, known as CVE-2024-20272, was discovered in the software’s web-based management interface, potentially allowing unauthenticated attackers to remotely gain root privileges on unpatched devices.
CVE-2024-20272 in Detail
The vulnerability stems from a lack of authentication in a specific API and improper validation of user-supplied data. Attackers can exploit this weakness by uploading arbitrary files to the targeted system, enabling them to execute commands on the underlying operating system. If successfully exploited, the attacker could store malicious files on the system, execute arbitrary commands, and elevate privileges to root.
Fortunately, Cisco’s Product Security Incident Response Team (PSIRT) has not found any evidence of public proof-of-concept exploits or active exploitation in the wild. Nonetheless, the company urges users to apply the provided patches promptly.
In addition to addressing the Unity Connection flaw, Cisco has patched ten medium-severity security vulnerabilities across multiple products. These vulnerabilities could allow attackers to escalate privileges, launch cross-site scripting (XSS) attacks, inject commands, and more. Notably, proof-of-concept exploit code is available online for one of these flaws (CVE-2024-20287) found in the web-based management interface of Cisco’s WAP371 Wireless Access Point.
Cisco emphasizes that the WAP371 device reached end-of-life in June 2019 and, therefore, will not receive firmware updates to address the CVE-2024-20287 security flaw. Customers with this device are advised to migrate to the Cisco Business 240AC Access Point.
This security update follows Cisco’s response to two zero-day vulnerabilities (CVE-2023-20198 and CVE-2023-20273) in October, which were exploited to compromise over 50,000 IOS XE devices within a single week. Cisco continues to prioritize the security of its products by actively addressing and patching vulnerabilities to safeguard its users from potential cyber threats. Users are strongly encouraged to apply the provided updates and follow Cisco’s recommendations to mitigate security risks effectively.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: