CVE-2024-20272 - OpenCVE

A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unity Connection

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unity_connection::::::::
	cpe:2.3:a:cisco:unity_connection::::::::

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2024-01-17T16:54:49.321Z

Updated: 2024-02-02T15:42:44.885Z

Reserved: 2023-11-08T15:08:07.625Z

Link: CVE-2024-20272

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-17T17:15:12.130

Modified: 2024-02-02T16:15:54.683

Link: CVE-2024-20272

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-20272", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.625Z", "datePublished": "2024-01-17T16:54:49.321Z", "dateUpdated": "2024-02-02T15:42:44.885Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-02-02T15:42:44.885Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root."}], "affected": [{"vendor": "Cisco", "product": "Cisco Unity Connection", "versions": [{"version": "12.0(1)SU1", "status": "affected"}, {"version": "12.0(1)SU2", "status": "affected"}, {"version": "12.0(1)SU3", "status": "affected"}, {"version": "12.0(1)SU4", "status": "affected"}, {"version": "12.0(1)SU5", "status": "affected"}, {"version": "12.5(1)", "status": "affected"}, {"version": "12.5(1)SU1", "status": "affected"}, {"version": "12.5(1)SU2", "status": "affected"}, {"version": "12.5(1)SU3", "status": "affected"}, {"version": "12.5(1)SU4", "status": "affected"}, {"version": "12.5(1)SU5", "status": "affected"}, {"version": "12.5(1)SU6", "status": "affected"}, {"version": "12.5(1)SU7", "status": "affected"}, {"version": "12.5(1)SU8", "status": "affected"}, {"version": "12.5(1)SU8a", "status": "affected"}, {"version": "14", "status": "affected"}, {"version": "14SU1", "status": "affected"}, {"version": "14SU2", "status": "affected"}, {"version": "14SU3", "status": "affected"}, {"version": "14SU3a", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Unrestricted Upload of File with Dangerous Type", "type": "cwe", "cweId": "CWE-434"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD", "name": "cisco-sa-cuc-unauth-afu-FROYsCsD"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-cuc-unauth-afu-FROYsCsD", "discovery": "EXTERNAL", "defects": ["CSCwh14380"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "05EE3F1E-0C35-4922-BB29-0E48323ED572", "versionEndExcluding": "12.5.1.19017-4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "02BBF889-9F0F-420A-BA31-3DF0C41F6782", "versionEndExcluding": "14.0.1.14006-5", "versionStartIncluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Unity Connection podr\u00eda permitir que un atacante remoto no autenticado cargue archivos arbitrarios en un sistema afectado y ejecute comandos en el sistema operativo subyacente. Esta vulnerabilidad se debe a una falta de autenticaci\u00f3n en una API espec\u00edfica y a una validaci\u00f3n inadecuada de los datos proporcionados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando archivos arbitrarios en un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante almacenar archivos maliciosos en el sistema, ejecutar comandos arbitrarios en el sistema operativo y elevar privilegios a root."}], "id": "CVE-2024-20272", "lastModified": "2024-02-02T16:15:54.683", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2024-01-17T17:15:12.130", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}