A Vulnerability in Cisco Unity Express Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2018-125

DATE(S) ISSUED:

11/07/2018

OVERVIEW:

A vulnerability has been discovered in Cisco Unity Express that could allow for arbitrary code execution. Cisco Unity Express is an application that provides voice messaging and automated attendant capabilities to Cisco CME (Communications Manager Express). Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands on the device with root privileges.

THREAT INTELLIGENCE:

There are no reports of this vulnerability being actively exploited in the wild.

SYSTEMS AFFECTED:

  • Cisco Unity Express prior to release 9.0.6

RISK:

Government:

  • Large and medium government entities: MEDIUM
  • Small government entities: HIGH

Businesses:

  • Large and medium business entities: MEDIUM
  • Small business entities: HIGH

Home Users:

LOW

TECHNICAL SUMMARY:

A vulnerability has been discovered in Cisco Unity Express that could allow for arbitrary code execution. Cisco Unity Express is an application that provides voice messaging and automated attendant capabilities to Cisco CME (Communications Manager Express). Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands on the device with root privileges.

The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to the listening Java Remote Method Invocation (RMI) service. A successful exploit could allow the attacker to execute arbitrary commands on the device with root privileges.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install the update provided by Cisco immediately after appropriate testing.
  • Verify no unauthorized system modifications have occurred on the system before applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.
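
The following is an added example, not part of the original advisory or of Cisco's guidance. It shows one way to support the monitoring and access-limiting recommendations above: it flags Java RMI handshakes and Java serialized object streams that arrive from sources outside an allowed network, and lists the class names declared in the stream for triage. The allowed network, the source addresses and the payload bytes are constructed assumptions.

```python
import ipaddress
import re
import struct

JRMI_MAGIC = b"JRMI"                # magic that opens a Java RMI connection
STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization stream magic + version
TC_CLASSDESC = 0x72                 # tag that introduces a class descriptor
CLASS_NAME = re.compile(rb"[A-Za-z_$\[][\w$.;\[]*\Z")

def class_names(payload):
    """Heuristically list class names declared in a serialized stream."""
    names, start = [], payload.find(STREAM_MAGIC)
    if start < 0:
        return names
    i = start + len(STREAM_MAGIC)
    while i + 3 <= len(payload):
        if payload[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", payload, i + 1)
            name = payload[i + 3:i + 3 + n]
            # descriptor = tag, 2-byte length, name, 8-byte serialVersionUID
            fits = n and i + 3 + n + 8 <= len(payload)
            if fits and CLASS_NAME.match(name):
                names.append(name.decode("ascii"))
                i += 3 + n + 8
                continue
        i += 1
    return names

def inspect(src_ip, payload, allowed_nets):
    """Alert on RMI or serialized-object payloads from outside allowed_nets."""
    is_rmi = payload.startswith(JRMI_MAGIC)
    has_stream = STREAM_MAGIC in payload
    if not (is_rmi or has_stream):
        return None
    src = ipaddress.ip_address(src_ip)
    if any(src in ipaddress.ip_network(net) for net in allowed_nets):
        return None
    return {"src": src_ip, "rmi_handshake": is_rmi,
            "serialized_object": has_stream, "classes": class_names(payload)}

# Constructed sample data (assumptions, not captured traffic).
ALLOWED = ["10.0.0.0/8"]  # hypothetical management network
HANDSHAKE = JRMI_MAGIC + b"\x00\x02\x4b"
NAME = b"example.ConstructedArg"
CALL = (b"\x50" + STREAM_MAGIC + b"\x77\x22" + bytes(34) + b"\x73\x72"
        + struct.pack(">H", len(NAME)) + NAME + bytes(8) + b"\x02\x00\x00\x78\x70")

if __name__ == "__main__":
    for src, data in [("203.0.113.9", HANDSHAKE), ("203.0.113.9", CALL),
                      ("10.1.2.3", CALL)]:
        print(src, inspect(src, data, ALLOWED))
```

The class-name scan is a byte-pattern heuristic rather than a full stream parser, so treat its output as a triage hint and tune the allowed networks to the hosts that legitimately manage the device.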
