A server-side request forgery vulnerability in Cisco Unified Communications Manager and Unified CM Session Management Edition could allow attackers to write files to the underlying operating system. Successful exploitation may lead to privilege escalation to root, command execution, or remote device access depending on file write location.

Why it matters in Western Canada: Many Western Canadian post-secondary institutions, healthcare organizations, and enterprise sectors deploy Cisco Unified Communications for campus and corporate telephony and collaboration. Exploitation could compromise voice systems and enable lateral movement within critical infrastructure.

---

Summary generated from the original advisory. Read the full source: ms-isac