CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile
65.0%
A vulnerability in the Multiple Analyzer of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to upload arbitrary files to a restricted location on the filesystem.
The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by submitting crafted data to the web server.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
Although an attacker must authenticate to an affected device to exploit this vulnerability, the attacker may be able to convince an authenticated user to click a malicious link by using misleading language and instructions.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |