Lucene search

[email protected]CVE-2011-1607

HistoryMay 03, 2011 - 10:55 p.m.

CVE-2011-1607

2011-05-0322:55:02

CWE-22

[email protected]

web.nvd.nist.gov

cisco

cucm

directory traversal

vulnerability

cve-2011-1607

bug id cscti81603

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

Affected configurations

NVD

Node

ciscounified_communications_managerMatch6.0

ciscounified_communications_managerMatch6.1\(1\)

ciscounified_communications_managerMatch6.1\(1a\)

ciscounified_communications_managerMatch6.1\(1b\)

ciscounified_communications_managerMatch6.1\(2\)

ciscounified_communications_managerMatch6.1\(2\)su1

ciscounified_communications_managerMatch6.1\(2\)su1a

ciscounified_communications_managerMatch6.1\(3\)

ciscounified_communications_managerMatch6.1\(3a\)

ciscounified_communications_managerMatch6.1\(3b\)

ciscounified_communications_managerMatch6.1\(3b\)su1

ciscounified_communications_managerMatch6.1\(4\)

ciscounified_communications_managerMatch6.1\(4\)su1

ciscounified_communications_managerMatch6.1\(4a\)

ciscounified_communications_managerMatch6.1\(4a\)su2

ciscounified_communications_managerMatch6.1\(5\)

ciscounified_communications_managerMatch6.1\(5\)su1

ciscounified_communications_managerMatch6.1\(5\)su2

Node

ciscounified_communications_managerMatch7.0\(1\)su1

ciscounified_communications_managerMatch7.0\(1\)su1a

ciscounified_communications_managerMatch7.0\(2\)

ciscounified_communications_managerMatch7.0\(2a\)

ciscounified_communications_managerMatch7.0\(2a\)su1

ciscounified_communications_managerMatch7.0\(2a\)su2

ciscounified_communications_managerMatch7.1\(2a\)

ciscounified_communications_managerMatch7.1\(2a\)su1

ciscounified_communications_managerMatch7.1\(2b\)

ciscounified_communications_managerMatch7.1\(2b\)su1

ciscounified_communications_managerMatch7.1\(3\)

ciscounified_communications_managerMatch7.1\(3a\)

ciscounified_communications_managerMatch7.1\(3a\)su1

ciscounified_communications_managerMatch7.1\(3a\)su1a

ciscounified_communications_managerMatch7.1\(3b\)

ciscounified_communications_managerMatch7.1\(3b\)su1

ciscounified_communications_managerMatch7.1\(3b\)su2

ciscounified_communications_managerMatch7.1\(5\)

ciscounified_communications_managerMatch7.1\(5\)su1

ciscounified_communications_managerMatch7.1\(5\)su1a

ciscounified_communications_managerMatch7.1\(5a\)

ciscounified_communications_managerMatch7.1\(5b\)

ciscounified_communications_managerMatch7.1\(5b\)su2

Node

ciscounified_communications_managerMatch8.0\(2c\)

ciscounified_communications_managerMatch8.0\(2c\)su1

ciscounified_communications_managerMatch8.0\(3\)

ciscounified_communications_managerMatch8.0\(3a\)

ciscounified_communications_managerMatch8.5

CPENameOperatorVersion
cisco:unified_communications_managercisco unified communications managereq6.0
cisco:unified_communications_managercisco unified communications managereq6.1\(1\)
cisco:unified_communications_managercisco unified communications managereq6.1\(1a\)
cisco:unified_communications_managercisco unified communications managereq6.1\(1b\)
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)su1
cisco:unified_communications_managercisco unified communications managereq6.1\(2\)su1a
cisco:unified_communications_managercisco unified communications managereq6.1\(3\)
cisco:unified_communications_managercisco unified communications managereq6.1\(3a\)
cisco:unified_communications_managercisco unified communications managereq6.1\(3b\)

CPE	Name	Operator	Version
cisco:unified_communications_manager	cisco unified communications manager	eq	6.0
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(1a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(1b\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)su1
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(2\)su1a
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3b\)

Rows per page:

1-10 of 171

References

archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

secunia.com/advisories/44331

www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

www.securityfocus.com/bid/47608

www.securitytracker.com/id?1025449

www.vupen.com/english/advisories/2011/1122

exchange.xforce.ibmcloud.com/vulnerabilities/67127

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2011-1607

prion1 nvd1 cvelist1 securityvulns2