A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.

| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unity Connection | 12.5(1), 12.5(1)SU1, 12.5(1)SU2, 12.5(1)SU3, 12.5(1)SU4, 14, 12.5(1)SU5, 14SU1, 12.5(1)SU6, 14SU2, 12.5(1)SU7, 14SU3, 12.5(1)SU8, 14SU3a, 12.5(1)SU8a, 15, 15SU1, 14SU4, 12.5(1)SU9, 15SU2, 15SU3 |