"Cisco Patches Critical Vulnerability in Unity Connection Software"
Cisco has released software updates to fix a critical vulnerability (CVE-2024-20272) in its Unity Connection software that could allow attackers to execute arbitrary commands on the system. The flaw, discovered by security researcher Maxim Suslov, affects versions 12.5 and earlier, as well as version 14. Users are advised to update to the fixed versions to mitigate potential threats. Additionally, Cisco has addressed 11 medium-severity vulnerabilities in its software, but will not release a fix for a command injection bug in WAP371 due to end-of-life status, recommending customers to migrate to the Cisco Business 240AC Access Point.