CVE-2019-15986

Name of the Vulnerable Software and Affected Versions Cisco Unity Express (affected versions not specified)

Description The issue is related to the improper handling of special elements, which can be exploited to elevate privileges and execute arbitrary code. An authenticated, local attacker could inject arbitrary commands that are executed with root privileges by sending crafted CLI commands to the system. This is due to improper input validation for certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.