A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary command

CISCO

PRODUCTS

04-06-2025 16:16

CVE-2025-20278 Vulnerabilidad documentada

6.0 MEDIUM

Tags

#exploit

#product

#nifi

#admin

#products

#cisco

#vulnerability

#affected

#improper

#authenticated

#arbitrary

#root

#execute

#allow

#attack

#affect

Descripción

A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on underlying operating system affected device as root user. This is due improper validation user-supplied command arguments. An exploit this by executing crafted device. A successful user. To vulnerability, must have valid administrative credentials.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vos-command-inject-65s2UCYy

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-20278

Resultados similares

Coincidentes en almenos en 50% de los tags

05-06-2025 CVE-2025-5630
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vul...
Ver información

05-06-2025 CVE-2025-5624
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This v...
Ver información