Cisco Unified Communications Manager Directory Traversal Vulnerability
Severity Rating: Medium
- Cisco Unified Communications Manager
A vulnerability has been identified in Cisco Unified Communications Manager and can be exploited by remote attackers to access files on the vulnerable system. The vulnerability exists in the web framework of Cisco Unified Communications Manager and is caused due to insufficient input validation by the affected software. This vulnerability can allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. Successful exploitation of the vulnerability can allow an attacker to use directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager file system.
Users are advised to apply updates.
More information about the update is available on:
Cisco Security Advisory
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street