A vulnerability in Cisco’s messaging service could give attackers control of the device on which you use Unity Connection. The key is to patch quickly.

Cisco is releasing an update on the vulnerability, archived as CVE-2024-20272. The vulnerability receives a CVSS score of 7.3, which is enough for Cisco to classify it as “critical.” Attackers can gain control of the user’s device through Unity Connection.

Unity Connection is a messaging and voicemail service designed to streamline communication across various media. Although Cisco boasts on its website that its messaging service is very secure, the security flaw means the exact opposite is true. According to Cisco, the vulnerability is due to an authentication and validation flaw in a specific API. This allows an attacker to upload malicious files to a system and, in the worst case, even gain the necessary permissions to control the device. root.

According to Cisco, there are no signs of active abuse yet, but the network specialist doesn’t want to wait for that. Cisco has now rolled out the necessary patches. As with any vulnerability in any software, quick patching is the motto. Update Unity Connection to the version 12.5.1.19017-4 or 14.0.1.14006-5 should solve the problem. All version numbers starting with 15 are safe.

Fully in use

In 2024, Cisco security teams will be in full throttle. Cisco has released a dozen additional patches for smaller, moderate-severity vulnerabilities. The network supplier undoubtedly wants to avoid a scenario like the one in October. Then a vulnerability in iOS allowed XE to completely take over networks.

Such incidents damage Cisco’s ambitions to market itself as a security specialist. This time we want to go quickly.