Published: 03/05/2011 Updated: 17/08/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x prior to 6.1(5)su3, 7.x prior to 7.1(5b)su3, 8.0 prior to 8.0(3a)su1, and 8.5 prior to 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified communications manager 6.1\\(4a\\)
cisco unified communications manager 6.1\\(3a\\)
cisco unified communications manager 6.1\\(4\\)
cisco unified communications manager 6.1\\(1\\)
cisco unified communications manager 6.1\\(2\\)su1
cisco unified communications manager 6.1\\(2\\)
cisco unified communications manager 6.1\\(3b\\)
cisco unified communications manager 6.1\\(5\\)
cisco unified communications manager 6.1\\(5\\)su1
cisco unified communications manager 6.1\\(2\\)su1a
cisco unified communications manager 6.1\\(1b\\)
cisco unified communications manager 6.1\\(1a\\)
cisco unified communications manager 6.1\\(3\\)
cisco unified communications manager 6.0
cisco unified communications manager 6.1\\(3b\\)su1
cisco unified communications manager 6.1\\(4\\)su1
cisco unified communications manager 6.1\\(4a\\)su2
cisco unified communications manager 7.1\\(3\\)
cisco unified communications manager 7.1\\(5\\)
cisco unified communications manager 7.0\\(2\\)
cisco unified communications manager 7.0\\(1\\)su1
cisco unified communications manager 7.1\\(2b\\)
cisco unified communications manager 7.1\\(2b\\)su1
cisco unified communications manager 7.1\\(3b\\)su2
cisco unified communications manager 7.1\\(3b\\)su1
cisco unified communications manager 7.0\\(2a\\)su1
cisco unified communications manager 7.0\\(2a\\)su2
cisco unified communications manager 7.1\\(5b\\)su2
cisco unified communications manager 7.1\\(3a\\)su1
cisco unified communications manager 7.1\\(3a\\)su1a
cisco unified communications manager 7.1\\(5\\)su1a
cisco unified communications manager 7.0\\(1\\)su1a
cisco unified communications manager 7.0\\(2a\\)
cisco unified communications manager 7.1\\(3b\\)
cisco unified communications manager 7.1\\(3a\\)
cisco unified communications manager 7.1\\(5\\)su1
cisco unified communications manager 7.1\\(5b\\)
cisco unified communications manager 7.1\\(5a\\)
cisco unified communications manager 7.1\\(2a\\)
cisco unified communications manager 7.1\\(2a\\)su1
cisco unified communications manager 8.5
cisco unified communications manager 8.0\\(3\\)
cisco unified communications manager 8.0\\(2c\\)su1
cisco unified communications manager 8.0\\(2c\\)
cisco unified communications manager 8.0\\(3a\\)

Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities: Three (3) denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services Directory transversal vulnerability Two (2) SQL injection vulnerabilities Cisco has released free software upd ...

CWE-22 http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml http://www.securityfocus.com/bid/47608 http://secunia.com/advisories/44331 http://www.securitytracker.com/id?1025449 http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html http://www.vupen.com/english/advisories/2011/1122 https://exchange.xforce.ibmcloud.com/vulnerabilities/67127 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110427-cucm

CVE-2011-1607

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect