PT-2025-23826 · Cisco · Cisco Unified Communications
Antonin B
+2
·
Published
2025-06-04
·
Updated
2025-06-04
·
CVE-2025-20278
CVSS v3.1
6.7
Medium
| Vector | AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Communications products (affected versions not specified)
Description
A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device as the root user. This issue is due to improper validation of user-supplied command arguments. An attacker could exploit this by executing crafted commands on the CLI of an affected device, allowing them to execute arbitrary commands on the underlying operating system as the root user. The attacker must have valid administrative credentials to exploit this vulnerability.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Communications