all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)

Add to bookmarks
Jan. 11, 2024, 11:56 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and voicemail solution for email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, and tablet. About CVE-2024-20272 CVE-2024-20272 is an unauthenticated arbitrary file upload vulnerability in the web-based management interface of Cisco Unity Connection that could be … More


The post …

arbitrary files attacker attackers browser cisco critical critical vulnerability cve don't miss email files flaw hot stuff jabber messaging patch privilege privileges root security update solution system unauthenticated unity unity connection upload voicemail vulnerability web web browser

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Adaptive Shield unveils SaaS security for AI 7 hours ago | www.helpnetsecurity.com
adaptive shield and response applications apps +28
Onyxia launches AI-powered predictive insights to optimize security management 7 hours ago | www.helpnetsecurity.com
address ai-powered can challenges +24
Island raises $175 million at $3 billion valuation 7 hours ago | www.helpnetsecurity.com
capital coatue financing funding +10
Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams 8 hours ago | www.helpnetsecurity.com
ai-powered application application security assistant +30
FCC fines major wireless carriers over illegal location data sharing 8 hours ago | www.helpnetsecurity.com
access att carriers communications +26
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades 8 hours ago | www.helpnetsecurity.com
alto attackers aware concept +24
Cybersixgill Third-Party Intelligence module identifies potential supply chain risks 9 hours ago | www.helpnetsecurity.com
action cyber cybersecurity cybersixgill +25
ESET launches two MDR subscription tiers for SMBs and enterprises 11 hours ago | www.helpnetsecurity.com
and response businesses detection detection and response +15
ThreatX provides always-active API security from development to runtime 12 hours ago | www.helpnetsecurity.com
api api security application application protection +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom
View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands
View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila
View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States
View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com
View more jobs