Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and voicemail solution for email inbox, web browser, Cisco Jabber, Cisco Unified IP Phone, smartphone, and tablet.

Source: Help Net Security