DDIVRT-2011-35 Cisco Unified Contact Center Express Directory Traversal [CVE-2011-3315]
August 9, 2011
Digital Defense, Inc. Vulnerability Research Team Credit: r@b13$
The default deployment of Cisco Unified Contact Center Express (UCCX) system is configured with multiple listening services. The web service that is listening on TCP port 9080, or on TCP port 8080 in versions prior to 8.0(x), serves a directory which is configured in a way that allows for a remote unauthenticated attacker to retrieve arbitrary files from the UCCX root filesystem through a directory traversal attack. It is possible for an attacker to use this vector to gain console access to the vulnerable node as the 'ccxcluster' user, and subsequently escalate privileges.
Cisco has released a patch for this vulnerability. Information regarding the software update which addresses this issue is available at:
Cisco Unified Contact Center Express (UCCX) versions: 8.5(x), 8.0(x), 7.0(x), 6.0(x) Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions: 8.5(x), 8.0(x), 7.0(x), 6.0(x)
Vendor Name: Cisco Vendor Website: http://www.cisco.com/