CVE-2011-3315

2011-10-2721:55:00

CWE-22

[email protected]

web.nvd.nist.gov

cisco

unified communications manager

cucm

vulnerability

cve-2011-3315

directory traversal

security advisory

6.5 Medium

AI Score

Confidence

Low

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.809 High

EPSS

Percentile

98.3%

JSON

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.

CPENameOperatorVersion
cisco:unified_ip_interactive_voice_responsecisco unified ip interactive voice responseeq-
cisco:unified_ip_ivrcisco unified ip ivreq6.0\(1\)
cisco:unified_ip_ivrcisco unified ip ivreq7.0\(1\)
cisco:unified_ip_ivrcisco unified ip ivreq7.0\(2\)
cisco:unified_ip_ivrcisco unified ip ivreq8.0\(1\)
cisco:unified_ip_ivrcisco unified ip ivreq8.0\(2\)
cisco:unified_ip_ivrcisco unified ip ivreq8.5\(1\)
cisco:unified_communications_managercisco unified communications managereq5.1\(3e\)
cisco:unified_communications_managercisco unified communications managereq6.1\(3a\)
cisco:unified_communications_managercisco unified communications managereq8.0\(2c\)

CPE	Name	Operator	Version
cisco:unified_ip_interactive_voice_response	cisco unified ip interactive voice response	eq	-
cisco:unified_ip_ivr	cisco unified ip ivr	eq	6.0\(1\)
cisco:unified_ip_ivr	cisco unified ip ivr	eq	7.0\(1\)
cisco:unified_ip_ivr	cisco unified ip ivr	eq	7.0\(2\)
cisco:unified_ip_ivr	cisco unified ip ivr	eq	8.0\(1\)
cisco:unified_ip_ivr	cisco unified ip ivr	eq	8.0\(2\)
cisco:unified_ip_ivr	cisco unified ip ivr	eq	8.5\(1\)
cisco:unified_communications_manager	cisco unified communications manager	eq	5.1\(3e\)
cisco:unified_communications_manager	cisco unified communications manager	eq	6.1\(3a\)
cisco:unified_communications_manager	cisco unified communications manager	eq	8.0\(2c\)