CVE-2024-20272: Critical Unauthenticated Arbitrary File Upload Vulnerability in Cisco Unity Connection


On 10 January 2024, Cisco disclosed a critical vulnerability, CVE-2024-20272, with a CVSS score of 7.3, in their Cisco Unity Connection software. This vulnerability allows an unauthenticated remote attacker to upload arbitrary files and execute commands on the underlying operating system. Cisco has released a patch to address the issue. 

While there is no evidence of active exploitation in the wild or public proof-of-concept exploit code at this time, numerous Cisco products have been listed in CISA’s Known Exploited Vulnerabilities Catalog. Due to the large market share held by Cisco, threat actors may attempt to develop exploit code by reverse engineering fixed versions of the software. 

Arctic Wolf strongly recommends upgrading Cisco Unity Connection as soon as possible to mitigate the risk posed by this vulnerability. 

| Affected Versions | Fixed Version |
| --- | --- |
| Cisco Unity Connection 14 | 14.0.1.14006-5 |
| Cisco Unity Connection 12.5 and earlier | 12.5.1.19017-4 |

Recommendation for CVE-2024-20272

Recommendation: Upgrade to a Fixed Version of Cisco Unity Connection

Arctic Wolf strongly recommends upgrading to a fixed version of Cisco Unity Connection as described in Cisco’s security advisory. 

Please note that this release must be specifically requested from Cisco Technical Assistance Center (TAC), and it is not available for download directly from the Download Center. Only Cisco customers with service contracts providing access to regular software updates will have access to it.
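To find which servers still need the upgrade, the fixed versions listed on this page can be compared against an inventory of installed versions. The script below is an added example, not code from Arctic Wolf or Cisco; the host names and installed versions are constructed, and it assumes installed versions use the same `major.minor.maint.build-es` shape as the fixed releases.

```python
import re

# Fixed releases copied from the table on this page.
FIXED_14 = (14, 0, 1, 14006, 5)
FIXED_12_5 = (12, 5, 1, 19017, 4)   # applies to "12.5 and earlier"

# Assumption: versions follow the same shape as the fixed releases above.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Turn '14.0.1.14006-5' into (14, 0, 1, 14006, 5) for tuple comparison."""
    match = VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def triage(version_text):
    """Classify one installed version as 'fixed', 'upgrade' or 'not-listed'."""
    version = parse_version(version_text)
    if version[0] == 14:
        fixed = FIXED_14
    elif version[:2] <= (12, 5):
        fixed = FIXED_12_5
    else:
        # Release train is not in the page's table; consult Cisco's advisory.
        return "not-listed"
    return "fixed" if version >= fixed else "upgrade"


def triage_inventory(inventory):
    """Map each host to its status; unparseable versions are flagged 'review'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = triage(version_text)
        except ValueError:
            report[host] = "review"
    return report


# Constructed inventory: hypothetical hosts and installed versions.
SAMPLE_INVENTORY = {
    "cuc-pub-01": "14.0.1.13900-69",
    "cuc-sub-01": "14.0.1.14006-5",
    "cuc-legacy": "11.5.1.23900-30",
    "cuc-branch": "12.5.1.19017-4",
    "cuc-lab": "unknown",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as `not-listed` or `review` are outside what this page's table covers and need a manual check against Cisco's security advisory.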



Stefan Hostetler


Stefan is a Senior Threat Intelligence Researcher at Arctic Wolf. With over a decade of industry experience under his belt, he focuses on extracting actionable insight from novel threats to help organizations protect themselves effectively.