Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (cisco) · only source for this CVE.
CVSS VectorVendor: cisco
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of a targeted device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
AnalysisAI
Remote code execution in Cisco Unity Connection allows authenticated remote attackers with low-privilege credentials to execute arbitrary code as root via crafted API requests to the web management interface. Successful exploitation enables complete device compromise. CVSS score of 8.8 reflects high impact across confidentiality, integrity, and availability, though exploitation requires valid user credentials (PR:L). No public exploit code or active exploitation confirmed at time of analysis. EPSS data not available in provided intelligence.
Technical ContextAI
Cisco Unity Connection is a unified messaging platform providing voicemail, email, and fax services for enterprise communications. The vulnerability resides in the web-based management interface's API request handling mechanism. According to CWE-35 (Path Traversal), the root cause involves improper validation of user-supplied input that likely includes path elements, allowing attackers to manipulate file system references or command execution contexts. The web interface processes API requests without adequately sanitizing input parameters, enabling injection of malicious payloads. The CVSS vector (AV:N/AC:L) indicates the vulnerable API endpoint is network-accessible with low attack complexity, requiring only basic HTTP request manipulation skills once authenticated.
RemediationAI
Apply the vendor-released patch per Cisco Security Advisory cisco-sa-unity-rce-ssrf-hENhuASy available at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy, which specifies fixed software versions and upgrade procedures. Until patching is complete, implement compensating controls including restricting network access to the web management interface to trusted administrative networks or VPN-only access, enforcing multi-factor authentication for all Unity Connection user accounts to raise the credential compromise bar, conducting immediate audit of user accounts to disable unused or unnecessary credentials, and monitoring API request logs for unusual patterns such as requests containing path traversal characters (../, encoded variants) or unexpected command syntax. Note that restricting network access may impair legitimate remote administration workflows, requiring administrators to use VPN or jump hosts. Account lockout policies should be reviewed to balance security against operational availability for legitimate users.
More in Cisco Unity Connection
View allSame weakness CWE-35 – Path Traversal: '.../...//'
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27847
GHSA-wfvp-xw34-rhwq