[Forgot Password]
Login  Register Subscribe

24437

 
 

131815

 
 

116586

 
 

909

 
 

91167

 
 

142

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2011-1607Date: (C)2011-05-03   (M)2018-02-19


Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1025449
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
SECUNIA-44331
BID-47608
ADV-2011-1122
cisco-ucm-dir-traversal(67127)

CPE    2
cpe:/a:cisco:unified_communications_manager:6.0
cpe:/a:cisco:unified_communications_manager:8.5
CWE    1
CWE-22

© SecPod Technologies