CVE-2026-20081

MEDIUM

Cisco Unity Connection Arbitrary File Download Vulnerability

Title source: cna

Description

Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials.  These vulnerabilities are due to improper sanitization of user input to the web-based management interface. An attacker could exploit these vulnerabilities by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from an affected system.

References (1)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-unity-file-download-RmKEVWPx

Scores

CVSS v3 6.5

EPSS 0.0010

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-23

Status published

Products (22)

Cisco/Cisco Unity Connection 12.5(1)

Cisco/Cisco Unity Connection 12.5(1)SU1

Cisco/Cisco Unity Connection 12.5(1)SU2

Cisco/Cisco Unity Connection 12.5(1)SU3

Cisco/Cisco Unity Connection 12.5(1)SU4

Cisco/Cisco Unity Connection 12.5(1)SU5

Cisco/Cisco Unity Connection 12.5(1)SU6

Cisco/Cisco Unity Connection 12.5(1)SU7

Cisco/Cisco Unity Connection 12.5(1)SU8

Cisco/Cisco Unity Connection 12.5(1)SU8a

... and 12 more

Published Apr 15, 2026

Tracked Since Apr 15, 2026