CVE-2009-2047: Path Traversal
First published: Thu Jul 16 2009(Updated: )
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Carrier Routing System | =3.5 | |
| Cisco Carrier Routing System | =4.0 | |
| Cisco Carrier Routing System | =4.1 | |
| Cisco Carrier Routing System | =4.5 | |
| Cisco Carrier Routing System | =5.0 | |
| Cisco Carrier Routing System | =6.0 | |
| Cisco Carrier Routing System | =7.0 | |
| Cisco Customer Response Solution | =3.5 | |
| Cisco IP QM | =3.5 | |
| Cisco Unified Contact Center Express | =3.5 | |
| Cisco Unified Contact Center Express | =4.0\(1\) | |
| Cisco Unified Contact Center Express | =4.0\(3\) | |
| Cisco Unified Contact Center Express | =4.0\(4\) | |
| Cisco Unified Contact Center Express | =4.0\(5\) | |
| Cisco Unified Contact Center Express | =4.0\(5a\) | |
| Cisco Unified Contact Center Express | =4.5\(1\) | |
| Cisco Unified Contact Center Express | =4.5\(2\) | |
| Cisco Unified Contact Center Express | =5.0\(1\) | |
| Cisco Unified Contact Center Express | =6.0\(1\) | |
| Cisco Unified Contact Center Express | =7.0\(1\) | |
| Cisco Unified Contact Center Express | =3.0 | |
| Cisco Unified Contact Center Express | =5.0\(1\) | |
| Cisco Unified Contact Center Express | =6.0\(1\) | |
| Cisco Unified Contact Center Express | =7.0 | |
| Cisco Unified IP Interactive Voice Response | =3.0 | |
| Cisco Unified IP Interactive Voice Response | =3.1 | |
| Cisco Unified IP Interactive Voice Response | =4.0 | |
| Cisco Unified IP Interactive Voice Response | =4.1 | |
| Cisco Unified IP Interactive Voice Response | =4.5 | |
| Cisco Unified IP Interactive Voice Response | =5.0 | |
| Cisco Unified IP Interactive Voice Response | =6.0 | |
| Cisco Unified IP Interactive Voice Response | =7.0 | |
| Cisco Unified IP Interactive Voice Response | =7.0\(1\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml
- http://www.securityfocus.com/bid/35706
- http://www.securitytracker.com/id?1022569
- http://www.vupen.com/english/advisories/2009/1913
- http://secunia.com/advisories/35861
- http://osvdb.org/55936
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51731
Frequently Asked Questions
What is the severity of CVE-2009-2047?
CVE-2009-2047 is considered a medium severity vulnerability due to its potential for remote exploitation by authenticated users.
How do I fix CVE-2009-2047?
To fix CVE-2009-2047, you should upgrade the affected Cisco software to version 7.0(1) SR2 or later.
What systems are affected by CVE-2009-2047?
CVE-2009-2047 affects various versions of Cisco Unified Contact Center Express and Cisco Customer Response Solutions prior to their patched versions.
Can CVE-2009-2047 lead to data exposure?
Yes, CVE-2009-2047 allows authenticated users to read, modify, or delete arbitrary files, which can lead to data exposure.
Who is primarily impacted by CVE-2009-2047?
Organizations using vulnerable versions of Cisco Customer Response Solutions and Cisco Unified Contact Center Express may be primarily impacted by CVE-2009-2047.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/cisco
- canonical/cisco carrier routing system
- version/cisco carrier routing system/3.5
- version/cisco carrier routing system/4.0
- version/cisco carrier routing system/4.1
- version/cisco carrier routing system/4.5
- version/cisco carrier routing system/5.0
- version/cisco carrier routing system/6.0
- version/cisco carrier routing system/7.0
- canonical/cisco customer response solution
- version/cisco customer response solution/3.5
- canonical/cisco ip qm
- version/cisco ip qm/3.5
- canonical/cisco unified contact center express
- version/cisco unified contact center express/3.5
- version/cisco unified contact center express/4.0\(1\)
- version/cisco unified contact center express/4.0\(3\)
- version/cisco unified contact center express/4.0\(4\)
- version/cisco unified contact center express/4.0\(5\)
- version/cisco unified contact center express/4.0\(5a\)
- version/cisco unified contact center express/4.5\(1\)
- version/cisco unified contact center express/4.5\(2\)
- version/cisco unified contact center express/5.0\(1\)
- version/cisco unified contact center express/6.0\(1\)
- version/cisco unified contact center express/7.0\(1\)
- version/cisco unified contact center express/3.0
- version/cisco unified contact center express/7.0
- canonical/cisco unified ip interactive voice response
- version/cisco unified ip interactive voice response/3.0
- version/cisco unified ip interactive voice response/3.1
- version/cisco unified ip interactive voice response/4.0
- version/cisco unified ip interactive voice response/4.1
- version/cisco unified ip interactive voice response/4.5
- version/cisco unified ip interactive voice response/5.0
- version/cisco unified ip interactive voice response/6.0
- version/cisco unified ip interactive voice response/7.0
- version/cisco unified ip interactive voice response/7.0\(1\)