CNNVD-202601-3420 Information
CNNVD ID
CNNVD-202601-3420
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
Cisco Unity Connection(UC)等都是美国思科(Cisco)公司的产品。Cisco Unity Connection是一套语音留言平台。Cisco Unified Communications Manager是一款统一通信系统中的呼叫处理组件。Cisco Unified Communications Manager IM & Presence是一个整合通讯软件。 Cisco多款产品存在安全漏洞,该漏洞源于对HTTP请求中用户输入验证不当,可能导致未经验证的远程攻击者执行任意命令并提升权限至root。以下产品受到影响:Cisco Unified Communications Manager、Cisco Unified Communications Manager Session Management Edition、Cisco Unified Communications Manager IM & Presence Service、Cisco Unity Connection和Cisco Webex Calling Dedicated Instance。
Description (English)
Cisco Unity Corporation (UC) and others are the products of Cisco. Cisco Unity Network is a voice message platform. Cisco United Communications Manager is a call-processing component of a unified communications system. Cisco United Communities Manager IM & Presence is an integrated communications software. There is a safety loophole in Cisco ’ s multiple products, which stems from the improper validation of the user input in the HTTP request, which may result in arbitrary orders being given to uncertified long-range assailants and the extension of their rights to root. The following products have been affected: Cisco United Communities Manager, Cisco United Nations Mission Management Assistance, Cisco United Nations Management Assistance & Management Services, Cisco United Nations Management Services, Cisco United Nations Management Information Services, and Cisco Webex Calling Developing Information.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
思科
Published
2026-01-21
Last Modified
2026-02-24
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-20045 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b https://access.redhat.com/security/cve/cve-2026-20045