Cisco advisory CISCO-SA-20140711-CVE-2014-3319
Jul 11, 2014 - 7:03 p.m.

Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability

2014-07-11 19:03:50
tools.cisco.com

CVSS2: 6.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N

EPSS: 0.002 Low
Percentile: 55.1%

A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to download files from arbitrary locations on the filesystem.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable device.

Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.

Although an attacker must authenticate to an affected device to exploit this vulnerability, the attacker could persuade an authenticated user to click a malicious link by using misleading language and instructions in an attempt to exploit the vulnerability.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Node (Vulners):
cisco unified_communications_manager, match: any
OR
cisco unified_communications_manager, match: any
