Skip to content
CVSS 7.2 · HIGH

CVE-2026-20035

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Ver en NVD

Análisis

Cisco Unity Connection Web Inbox is vulnerable to unauthenticated Server-Side Request Forgery (SSRF). A remote attacker could send crafted HTTP requests through the device to access internal network resources or other services not directly reachable from the internet.

Severidad

Puntaje: 7.2(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: LOW
I: LOW
A: NONE
Tipo de falla (CWE): CWE-918

EPSS

Sin puntaje EPSS aún (CVE muy reciente).

Descripción técnica

A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected device.

Publicada: 6/5/2026, 17:16:20
Última modificación: 6/5/2026, 18:59:53

Referencias

InicioEventosBlogRecursosEquipo