This advisory is for organizations that use Cisco Unity Connection to support virtualized messaging and voicemail accessibility. If your organization does not use this product, this notification may be discarded.
Cisco has released a patch to address a critical vulnerability which is due to improper validation of user-supplied data and a lack of authentication in a specific API on the Cisco Unity Connection platform. This vulnerability could allow an unauthenticated remote attacker to use the web-based management interface to upload an arbitrary file and execute commands on the underlying operating system as root.
Currently, there are no reports of this vulnerability having been exploited in the wild.