PT-2020-1647 · Cisco · Cisco Unity Connection

Published

2020-01-22

Updated

2021-08-12

CVE-2020-3130

CVSS v2.0

6.6

Medium

Vector

AV:N/AC:H/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Unity Connection (affected versions not specified)

Description A vulnerability in the web management interface of Cisco Unity Connection exists due to insufficient input validation, allowing an authenticated remote attacker to overwrite files on the underlying filesystem. The attacker could exploit this by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system, requiring valid administrator credentials to access the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-22

Related Identifiers

BDU:2020-00876

CVE-2020-3130

Affected Products

Cisco Unity Connection

PT-2020-1647 · Cisco · Cisco Unity Connection

CVE-2020-3130

Weakness Enumeration

Related Identifiers

Affected Products

References · 4