A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote malicious user to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the malicious user to access sensitive files on the affected system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco unified communications manager |
||
cisco unified communications manager im and presence service |
||
cisco unity connection |