CVE-2024-20272 - OpenCVE

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unity Connection

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unity_connection::::::::
	cpe:2.3:a:cisco:unity_connection::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-01-17T16:54:49.321Z

Updated: 2024-08-01T21:52:31.676Z

Reserved: 2023-11-08T15:08:07.625Z

Link: CVE-2024-20272

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-17T17:15:12.130

Modified: 2024-02-02T16:15:54.683

Link: CVE-2024-20272

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20272", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.625Z", "datePublished": "2024-01-17T16:54:49.321Z", "dateUpdated": "2024-08-01T21:52:31.676Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-02-02T15:42:44.885Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root."}], "affected": [{"vendor": "Cisco", "product": "Cisco Unity Connection", "versions": [{"version": "12.0(1)SU1", "status": "affected"}, {"version": "12.0(1)SU2", "status": "affected"}, {"version": "12.0(1)SU3", "status": "affected"}, {"version": "12.0(1)SU4", "status": "affected"}, {"version": "12.0(1)SU5", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "12.5(1)SU1", "status": "affected"}, {"version": "12.5(1)SU2", "status": "affected"}, {"version": "12.5(1)SU3", "status": "affected"}, {"version": "12.5(1)SU4", "status": "affected"}, {"version": "12.5(1)SU5", "status": "affected"}, {"version": "12.5(1)SU6", "status": "affected"}, {"version": "12.5(1)SU7", "status": "affected"}, {"version": "12.5(1)SU8", "status": "affected"}, {"version": "12.5(1)SU8a", "status": "affected"}, {"version": "14", "status": "affected"}, {"version": "14SU1", "status": "affected"}, {"version": "14SU2", "status": "affected"}, {"version": "14SU3", "status": "affected"}, {"version": "14SU3a", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Unrestricted Upload of File with Dangerous Type", "type": "cwe", "cweId": "CWE-434"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD", "name": "cisco-sa-cuc-unauth-afu-FROYsCsD"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-cuc-unauth-afu-FROYsCsD", "discovery": "EXTERNAL", "defects": ["CSCwh14380"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:52:31.676Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD", "name": "cisco-sa-cuc-unauth-afu-FROYsCsD", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "05EE3F1E-0C35-4922-BB29-0E48323ED572", "versionEndExcluding": "12.5.1.19017-4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "02BBF889-9F0F-420A-BA31-3DF0C41F6782", "versionEndExcluding": "14.0.1.14006-5", "versionStartIncluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unity Connection podr\u00eda permitir que un atacante remoto no autenticado cargue archivos arbitrarios en un sistema afectado y ejecute comandos en el sistema operativo subyacente. Esta vulnerabilidad se debe a una falta de autenticaci\u00f3n en una API espec\u00edfica y a una validaci\u00f3n inadecuada de los datos proporcionados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando archivos arbitrarios en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante almacenar archivos maliciosos en el sistema, ejecutar comandos arbitrarios en el sistema operativo y elevar privilegios a root."}], "id": "CVE-2024-20272", "lastModified": "2024-02-02T16:15:54.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-01-17T17:15:12.130", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}