8.8
CVE-2026-20034
- EPSS 0.71%
- Veröffentlicht 06.05.2026 16:16:05
- Zuletzt bearbeitet 01.07.2026 16:01:11
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
Cisco Unity Connection Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Unity Connection Version < 14.0
Cisco ≫ Unity Connection Version14.0
Cisco ≫ Unity Connection Version14su1
Cisco ≫ Unity Connection Version14su2
Cisco ≫ Unity Connection Version14su3
Cisco ≫ Unity Connection Version14su4
Cisco ≫ Unity Connection Version15.0
Cisco ≫ Unity Connection Version15su1
Cisco ≫ Unity Connection Version15su2
Cisco ≫ Unity Connection Version15su3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.71% | 0.491 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-35 Path Traversal: '.../...//'
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy