Vigil@nce - Cisco Unity Connection: privilege escalation via the web server
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An authenticated attacker can read files via the web server of
Cisco Unity Connection, in order to get administrator privileges.
Impacted products: Cisco Unity
Severity: 2/4
Creation date: 07/08/2014
DESCRIPTION OF THE VULNERABILITY
The Cisco Unity Connection HTTP Intercept product offers a web
service.
An authenticated attacker can read files via the web server of
Cisco Unity Connection, in order to get administrator privileges.
Technical details are unknown.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN