U-021: Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files

October 27, 2011 - 7:45am

PROBLEM:

Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files.

PLATFORM:

Cisco Unified Communications Manager 6.x, 7.x and 8.x

ABSTRACT:

A vulnerability was reported in Cisco Unified Communications Manager.

REFERENCE LINKS:

Cisco Advisory ID: cisco-sa-20111026-cucm
Cisco Security Advisories and Response
SecurityTracker Alert ID: 1026243
CVE-2011-3315

IMPACT ASSESSMENT:

Medium

Discussion:

A remote user can view files on the target system. The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to obtain arbitrary files on the target system.

Impact:

Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.

Solution:

Cisco has released free software updates that address this vulnerability. Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com.
 
