
Cisco released fixes for a high-severity SSRF flaw in Unified Communications Manager caused by improper validation of HTTP input. An unauthenticated remote attacker could exploit it to write files and escalate privileges to root on affected devices. The fixes are in Unified CM and SME releases 14SU6 and 15SU5. Cisco credited SSD Secure Disclosure and an independent researcher for the disclosure. Proof-of-concept code exists for the vulnerability, but there is no evidence of active exploitation.