A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution

ITS Advisory Number: 
2018-114
Date(s) Issued: 
Wednesday, November 7, 2018
Subject: 
A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution
Overview: 

A vulnerability has been discovered in Cisco Unity Express that could allow for arbitrary code execution. Cisco Unity Express is an application that that provides the voice messaging and automated attendant capabilities to Cisco CME (Communications Manager Express). Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands on the device with root privileges.

 

THREAT INTELLIGENCE:

There are no reports of this vulnerability being actively exploited in the wild.

Systems Affected: 
  • Cisco Unity Express prior to release 9.0.6

RISK
GOVERNMENT
Large and medium government entities: 
Medium
Small government entities: 
High
BUSINESS
Large and medium business entities: 
Medium
Small business entities: 
High
Home Users: 
Low
Description: 

A vulnerability has been discovered in Cisco Unity Express that could allow for arbitrary code execution. Cisco Unity Express is an application that that provides the voice messaging and automated attendant capabilities to Cisco CME (Communications Manager Express). Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands on the device with root privileges.

 

The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges. 

 

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Actions: 
  • Verify no unauthorized system modifications have occurred on system before applying patch.

  • After appropriate testing, immediately install the update provided by Cisco.

  • Monitor intrusion detection systems for any signs of anomalous activity.

  • Unless required, limit external network access to affected products.