EUVD-2026-27847
GHSA-wfvp-xw34-rhwq
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
AnalysisAI
Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all Cisco Unity Connection deployments and document current versions; restrict API access to Unity Connection management interfaces via network segmentation and firewall rules. Within 7 days: Audit low-privilege user accounts with API access and disable unnecessary credentials; implement IP whitelisting for administrative access. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today