8.8

CVE-2026-20034

Medienbericht

Cisco Unity Connection Remote Code Execution Vulnerability

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoUnity Connection Version < 14.0
CiscoUnity Connection Version14.0
CiscoUnity Connection Version14su1
CiscoUnity Connection Version14su2
CiscoUnity Connection Version14su3
CiscoUnity Connection Version14su4
CiscoUnity Connection Version15.0
CiscoUnity Connection Version15su1
CiscoUnity Connection Version15su2
CiscoUnity Connection Version15su3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.491
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-35 Path Traversal: '.../...//'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
11.05.2026 16:03
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
07.05.2026 09:25
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy
Vendor Advisory