First published: Wed Sep 23 2020
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unity Connection | >=11.0<11.5su7 | |
Cisco Unity Connection | >=12.0<12.5su2 | |
CVE-2020-3130 is a vulnerability in the web management interface of Cisco Unity Connection that could allow an authenticated remote attacker to overwrite files on the underlying filesystem.
An attacker can exploit CVE-2020-3130 by sending a crafted HTTP request to the affected web management interface.
Cisco Unity Connection versions from 11.0 up to but not including 11.5su7, and from 12.0 up to but not including 12.5su2, are affected by CVE-2020-3130.
CVE-2020-3130 has a severity rating of 6.5 (medium).
To fix CVE-2020-3130, Cisco recommends upgrading to a fixed software version as mentioned in the Cisco Security Advisory.