Threat Advisory

Cisco Unity Connection Remote Code Execution Vulnerability

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Cisco Unity Connection, a unified messaging system, which could allow remote attackers to execute arbitrary code or conduct server-side request forgery (SSRF) attacks. The affected versions include Cisco Unity Connection. These vulnerabilities pose a significant business risk, as they could allow unauthorized access to sensitive data and compromise the integrity of the system. If exploited, these vulnerabilities could lead to a complete compromise of a targeted device, resulting in significant financial and reputational damage.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in Cisco Unity Connection, a unified messaging system, which could allow remote attackers to execute arbitrary code or conduct server-side request forgery (SSRF) attacks. The affected versions include Cisco Unity Connection. These vulnerabilities pose a significant business risk, as they could allow unauthorized access to sensitive data and compromise the integrity of the system. If exploited, these vulnerabilities could lead to a complete compromise of a targeted device, resulting in significant financial and reputational damage.[emaillocker id="1283"]

  • CVE-2026-20034 with a CVSS score of 8.8 – This vulnerability affects Cisco Unity Connection, regardless of device configuration, due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request, allowing them to execute arbitrary code as root. To exploit this vulnerability, the attacker must have valid user credentials on the affected device.
  • CVE-2026-20035 with a CVSS score of 7.2 – This vulnerability affects Cisco Unity Connection if Web Inbox is enabled. If the Allow Users to Use the Web Inbox and RSS Feeds box is checked, the feature is enabled. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device, allowing them to send arbitrary network requests that are sourced from the affected device.

The identified vulnerabilities pose a significant risk to businesses that rely on Cisco Unity Connection for unified messaging. If exploited, these vulnerabilities could lead to a complete compromise of a targeted device, resulting in significant financial and reputational damage. It is essential for affected organizations to take immediate action to address these vulnerabilities and prevent potential attacks.

RECOMMENDATION:

  • We recommend you to update Cisco Unity Connection to version 15SU4.

REFERENCES:

The following reports contain further technical details:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-rce-ssrf-hENhuASy?vs_f=Cisco%20Security%20Advisory%26vs_cat=Security%20Intelligence%26vs_type=RSS%26vs_p=Cisco%20Unity%20Connection%20Remote%20Code%20Execution%20and%20Server-Side%20Request%20Forgery%20Vulnerabilities%26vs_k=1

[/emaillocker]
crossmenu