Cisco Unity Connection Mail Relay Vulnerability

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages.

The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses.

There are no workarounds that address this vulnerability.

Affected Products
  • Vulnerable Products

    This vulnerability affects Cisco Unity Connection. For information about affected software releases, consult the Cisco bug ID(s) at the top of this advisory.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by this vulnerability.
  • There are no workarounds that address this vulnerability.

Fixed Software
  • For information about fixed software releases, consult the Cisco bug ID(s) at the top of this advisory.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

Exploitation and Public Announcements
  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

  • This vulnerability was found during internal security testing.

To read the original article:


Laisser un commentaire

Next Post

SamSam Ransomware Hits Colorado DOT, Agency Shuts Down 2,000 Computers

The Colorado Department of Transportation (DOT) has shut down over 2,000 computers after some systems got infected with the SamSam ransomware on Wednesday, February 21. The agency’s IT staff is working with its antivirus provider McAfee to remediate affected workstations and safeguard other endpoints before before reintroducing PCs into its […]