CVE-2010-1571: Path Traversal
First published: Thu Jun 10 2010(Updated: )
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Contact Center Express Enhanced | =7.0 | |
| Cisco Unified Contact Center Express Enhanced | =5.0 | |
| Cisco Unified Contact Center Express Enhanced | =6.0 | |
| Cisco customer response solution | =7.0 | |
| Cisco customer response solution | =5.0 | |
| Cisco customer response solution | =6.0 | |
| Cisco IP Interactive Voice Response (IVR) | =7.0 | |
| Cisco IP Interactive Voice Response (IVR) | =6.0 | |
| Cisco IP Interactive Voice Response (IVR) | =5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-1571?
CVE-2010-1571 is considered a high severity vulnerability due to its potential for remote file access.
How do I fix CVE-2010-1571?
To fix CVE-2010-1571, you should upgrade to the latest software version as recommended by Cisco.
Which Cisco products are affected by CVE-2010-1571?
CVE-2010-1571 affects Cisco Unified Contact Center Express, Customer Response Solution, and Unified IP Interactive Voice Response across several versions.
Can CVE-2010-1571 be exploited remotely?
Yes, CVE-2010-1571 can be exploited remotely by attackers via a crafted bootstrap message.
What does CVE-2010-1571 allow an attacker to do?
CVE-2010-1571 allows attackers to read arbitrary files from affected systems.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- vendor/cisco
- canonical/cisco unified contact center express enhanced
- version/cisco unified contact center express enhanced/7.0
- version/cisco unified contact center express enhanced/5.0
- version/cisco unified contact center express enhanced/6.0
- canonical/cisco customer response solution
- version/cisco customer response solution/7.0
- version/cisco customer response solution/5.0
- version/cisco customer response solution/6.0
- canonical/cisco ip interactive voice response (ivr)
- version/cisco ip interactive voice response (ivr)/7.0
- version/cisco ip interactive voice response (ivr)/6.0
- version/cisco ip interactive voice response (ivr)/5.0