4.7
CVE-2026-20060
- EPSS 0.03%
- Published 15.04.2026 16:11:20
- Last modified 28.04.2026 16:30:29
- Source psirt@cisco.com
Cisco Unity Connection Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Unity Connection Version <= 12.5
Cisco ≫ Unity Connection Version 14.0
Cisco ≫ Unity Connection Version 14su1
Cisco ≫ Unity Connection Version 14su2
Cisco ≫ Unity Connection Version 14su3
Cisco ≫ Unity Connection Version 14su3a
Cisco ≫ Unity Connection Version 14su4
Cisco ≫ Unity Connection Version 15.0
Cisco ≫ Unity Connection Version 15su1
Cisco ≫ Unity Connection Version 15su2
Cisco ≫ Unity Connection Version 15su3
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.072 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.7 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
| psirt@cisco.com | 4.7 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.