Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)

VN-2017-108


Cisco Unified Communications Manager Directory Traversal Vulnerability
Severity Rating: Medium
Systems Affected:
  • Cisco Unified Communications Manager
Description
A vulnerability has been identified in Cisco Unified Communications Manager and can be exploited by remote attackers to access files on the vulnerable system. The vulnerability exists in the web framework of Cisco Unified Communications Manager and is caused due to insufficient input validation by the affected software. This vulnerability can allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. Successful exploitation of the vulnerability can allow an attacker to use directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager file system.
 
Solution
Users are advised to apply updates.
More information about the update is available on:
 
CVE Information
 
Vendor Information
Cisco
 
References
Security Tracker
 
Cisco Security Advisory
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis