Cisco Bug: CSCup41014 - Unity Connection Security Scan vulnerabilities HTTP Intercept

Last Modified

Aug 06, 2018

Products (1)

Cisco Unity Connection

Known Affected Releases

9.1(1.2) 9.1(1.9)

Description (partial)

Symptom:
A vulnerability in Cisco Unity Connection Server could allow an authenticated, remote attacker to elevate privileges and obtain full access to
the affected system..

The vulnerability is due to improper privilege escalation. An attacker may be able to exploit this vulnerability by reading files accessible
to the web server user.

Conditions:
Devices running an affected version of the Cisco Unity Connection Server.

View Bug Details in Bug Search Tool Login Required

Why Is Login Required?

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

Full Description (including symptoms, conditions and workarounds)
Status
Severity
Known Fixed Releases
Related Community Discussions
Number of Related Support Cases

Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.

Learn More About Cisco Service Contracts