all InfoSec news
A Vulnerability in Cisco Unity Connection Could Allow for Arbitrary Code Execution
Center for Internet Security - Multi-State Information Sharing and Analysis Center www.cisecurity.org
A vulnerability has been discovered in Cisco Unity Connection that could allow for arbitrary code execution on a targeted host. Cisco Unity Connection is a unified messaging and voicemail solution that allows users access and manage messages from an email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, or tablet. Successful exploitation could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. Depending on the privileges …
access arbitrary code arbitrary code execution browser cisco code code execution email host jabber manage messages messaging solution unity unity connection voicemail vulnerability web web browser