Description
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input in HTTP requests. An attacker could exploit this vulnerability by sending a sequence of crafted HTTP requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.

Note: Cisco has assigned this security advisory a Security Impact Rating (SIR) of Critical rather than High as the score indicates. The reason is that exploitation of this vulnerability could result in an attacker elevating privileges to root.
Affected products
- Cisco / Cisco Unified Communications Manager 12.5(1)SU2 – 12.5(1)SU2
- Cisco / Cisco Unified Communications Manager 12.5(1)SU1 – 12.5(1)SU1
- Cisco / Cisco Unified Communications Manager 12.5(1) – 12.5(1)
- Cisco / Cisco Unified Communications Manager 12.5(1)SU3 – 12.5(1)SU3
- Cisco / Cisco Unified Communications Manager 12.5(1)SU4 – 12.5(1)SU4
- Cisco / Cisco Unified Communications Manager 14 – 14
- Cisco / Cisco Unified Communications Manager 12.5(1)SU5 – 12.5(1)SU5
- Cisco / Cisco Unified Communications Manager 14SU1 – 14SU1
- Cisco / Cisco Unified Communications Manager 12.5(1)SU6 – 12.5(1)SU6
- Cisco / Cisco Unified Communications Manager 14SU2 – 14SU2
- Cisco / Cisco Unified Communications Manager 12.5(1)SU7 – 12.5(1)SU7
- Cisco / Cisco Unified Communications Manager 12.5(1)SU7a – 12.5(1)SU7a
- Cisco / Cisco Unified Communications Manager 14SU3 – 14SU3
- Cisco / Cisco Unified Communications Manager 12.5(1)SU8 – 12.5(1)SU8
- Cisco / Cisco Unified Communications Manager 12.5(1)SU8a – 12.5(1)SU8a
- Cisco / Cisco Unified Communications Manager 15 – 15
- Cisco / Cisco Unified Communications Manager 15SU1 – 15SU1
- Cisco / Cisco Unified Communications Manager 14SU4 – 14SU4
- Cisco / Cisco Unified Communications Manager 14SU4a – 14SU4a
- Cisco / Cisco Unified Communications Manager 15SU1a – 15SU1a
- Cisco / Cisco Unified Communications Manager 12.5(1)SU9 – 12.5(1)SU9
- Cisco / Cisco Unified Communications Manager 15SU2 – 15SU2
- Cisco / Cisco Unified Communications Manager 15.0.1.13010-1 – 15.0.1.13010-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13011-1 – 15.0.1.13011-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13012-1 – 15.0.1.13012-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13013-1 – 15.0.1.13013-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13014-1 – 15.0.1.13014-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13015-1 – 15.0.1.13015-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13016-1 – 15.0.1.13016-1
- Cisco / Cisco Unified Communications Manager 15.0.1.13017-1 – 15.0.1.13017-1
- Cisco / Cisco Unified Communications Manager 15SU3a – 15SU3a
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1) – 12.5(1)
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU1 – 12.5(1)SU1
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU2 – 12.5(1)SU2
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU3 – 12.5(1)SU3
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU4 – 12.5(1)SU4
- Cisco / Cisco Unified Communications Manager IM and Presence Service 14 – 14
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU5 – 12.5(1)SU5
- Cisco / Cisco Unified Communications Manager IM and Presence Service 14SU1 – 14SU1
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU6 – 12.5(1)SU6
- Cisco / Cisco Unified Communications Manager IM and Presence Service 14SU2 – 14SU2
- Cisco / Cisco Unified Communications Manager IM and Presence Service 14SU2a – 14SU2a
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU7 – 12.5(1)SU7
- Cisco / Cisco Unified Communications Manager IM and Presence Service 14SU3 – 14SU3
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU8 – 12.5(1)SU8
- Cisco / Cisco Unified Communications Manager IM and Presence Service 15 – 15
- Cisco / Cisco Unified Communications Manager IM and Presence Service 15SU1 – 15SU1
- Cisco / Cisco Unified Communications Manager IM and Presence Service 14SU4 – 14SU4
- Cisco / Cisco Unified Communications Manager IM and Presence Service 12.5(1)SU9 – 12.5(1)SU9
- Cisco / Cisco Unified Communications Manager IM and Presence Service 15SU2 – 15SU2
- Cisco / Cisco Unified Communications Manager IM and Presence Service 15SU3 – 15SU3
- Cisco / Cisco Unity Connection 12.5(1) – 12.5(1)
- Cisco / Cisco Unity Connection 12.5(1)SU1 – 12.5(1)SU1
- Cisco / Cisco Unity Connection 12.5(1)SU2 – 12.5(1)SU2
- Cisco / Cisco Unity Connection 12.5(1)SU3 – 12.5(1)SU3
- Cisco / Cisco Unity Connection 12.5(1)SU4 – 12.5(1)SU4
- Cisco / Cisco Unity Connection 14 – 14
- Cisco / Cisco Unity Connection 12.5(1)SU5 – 12.5(1)SU5
- Cisco / Cisco Unity Connection 14SU1 – 14SU1
- Cisco / Cisco Unity Connection 12.5(1)SU6 – 12.5(1)SU6
- Cisco / Cisco Unity Connection 14SU2 – 14SU2
- Cisco / Cisco Unity Connection 12.5(1)SU7 – 12.5(1)SU7
- Cisco / Cisco Unity Connection 14SU3 – 14SU3
- Cisco / Cisco Unity Connection 12.5(1)SU8 – 12.5(1)SU8
- Cisco / Cisco Unity Connection 14SU3a – 14SU3a
- Cisco / Cisco Unity Connection 12.5(1)SU8a – 12.5(1)SU8a
- Cisco / Cisco Unity Connection 15 – 15
- Cisco / Cisco Unity Connection 15SU1 – 15SU1
- Cisco / Cisco Unity Connection 14SU4 – 14SU4
- Cisco / Cisco Unity Connection 12.5(1)SU9 – 12.5(1)SU9
- Cisco / Cisco Unity Connection 15SU2 – 15SU2
- Cisco / Cisco Unity Connection 15SU3 – 15SU3