High Severity Vulnerability in Cisco Unity Connection Could Enable Root Privileges (CVE-2024-20272)
Cisco has resolved a high-severity security vulnerability in Unity Connection that opens the door for unauthenticated attackers to upload malicious files, execute arbitrary commands, and gain root privileges on affected devices.
Details of the Cisco Unity Connection Vulnerability (CVE-2024-20272)
Tracked as CVE-2024-20272, the vulnerability holds a CVSS score of 7.3, although it is categorized with critical severity by Cisco. Importantly, it is non-local, necessitating neither authentication nor privileges, nor user interaction.
Cisco’s advisory attributes the vulnerability to a lack of authentication in a specific API and improper validation of user-supplied data. It affects specifically the web-based management interface of Cisco Unity Connection – a messaging and voicemail system – and poses a significant security threat.
Exploiting CVE-2024-20272 involves the attacker uploading arbitrary files to the targeted system. A successful exploit grants the ability to store malicious files, execute arbitrary commands on the operating system, and escalate privileges to root.
While primarily labeled as an arbitrary file upload vulnerability, its potential for privilege escalation adds significant concern. In our review of CISA’s KEV Catalog for 2023, we highlighted privilege escalation as the most exploited vulnerability type, followed by code execution and command injection vulnerabilities. This indicates a rising trend in the exploitation of such vulnerabilities, and underscores the pressing need to fortify our defenses accordingly.
Are There Any Reports of Exploitation?
As of now, Cisco PSIRT is not aware of any instances of exploitation. For further information, refer to the official advisory for CVE-2024-20272.
What Are the Affected Cisco Unity Connection Versions? How to Secure Against Exploitation?
Cisco promptly addressed the security concern by releasing patches tailored to the affected Unity Connection versions; there are no workarounds available, making the installation of security patches essential for averting potential exploitation.Here are the fixed versions for Cisco Unity Connection:
- For releases 12.5 and earlier → 18.104.22.16817-41
- For release 14 → 22.214.171.12406-51
Cisco states that Unity Connection release 15 is unaffected by the identified vulnerability, CVE-2024-20272.
With this module, you gain access to comprehensive details about each identified vulnerability, encompassing information about exploits and mentions.
CISA has issued an alert for the CVE-2024-20272 vulnerability, urging users and administrators to promptly apply the necessary patches to fix it. The agency underscored the significance of this vulnerability, warning that threat actors could exploit it to seize control of affected systems.
How Can SOCRadar Help?
SOCRadar offers robust support to fortify your cybersecurity posture through its XTI platform. Attack Surface Management (ASM) module meticulously monitors and analyzes potential exposure points in your digital infrastructure. By providing real-time insights into their attack surface and emerging vulnerabilities, ASM enables organizations to proactively identify and mitigate potential threats.