CVE-2011-1607: Path Traversal
First published: Tue May 03 2011(Updated: )
Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | =6.1\(3a\) | |
| Cisco Unified Communications Manager | =6.1\(2\) | |
| Cisco Unified Communications Manager | =6.1\(3b\)su1 | |
| Cisco Unified Communications Manager | =6.1\(2\)su1a | |
| Cisco Unified Communications Manager | =6.1\(4\)su1 | |
| Cisco Unified Communications Manager | =6.1\(4\) | |
| Cisco Unified Communications Manager | =6.1\(5\)su1 | |
| Cisco Unified Communications Manager | =6.1\(4a\) | |
| Cisco Unified Communications Manager | =6.1\(5\)su2 | |
| Cisco Unified Communications Manager | =6.1\(3\) | |
| Cisco Unified Communications Manager | =6.1\(4a\)su2 | |
| Cisco Unified Communications Manager | =6.1\(1\) | |
| Cisco Unified Communications Manager | =6.1\(1b\) | |
| Cisco Unified Communications Manager | =6.1\(3b\) | |
| Cisco Unified Communications Manager | =6.1\(5\) | |
| Cisco Unified Communications Manager | =6.1\(2\)su1 | |
| Cisco Unified Communications Manager | =6.0 | |
| Cisco Unified Communications Manager | =6.1\(1a\) | |
| Cisco Unified Communications Manager | =7.1\(2b\)su1 | |
| Cisco Unified Communications Manager | =7.1\(2b\) | |
| Cisco Unified Communications Manager | =7.1\(3b\) | |
| Cisco Unified Communications Manager | =7.1\(2a\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3b\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\)su1a | |
| Cisco Unified Communications Manager | =7.1\(3\) | |
| Cisco Unified Communications Manager | =7.1\(2a\) | |
| Cisco Unified Communications Manager | =7.1\(5b\) | |
| Cisco Unified Communications Manager | =7.0\(2a\) | |
| Cisco Unified Communications Manager | =7.0\(1\)su1 | |
| Cisco Unified Communications Manager | =7.0\(1\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5b\)su2 | |
| Cisco Unified Communications Manager | =7.1\(5\) | |
| Cisco Unified Communications Manager | =7.1\(5a\) | |
| Cisco Unified Communications Manager | =7.0\(2a\)su2 | |
| Cisco Unified Communications Manager | =7.1\(5\)su1a | |
| Cisco Unified Communications Manager | =7.1\(5\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\) | |
| Cisco Unified Communications Manager | =7.0\(2a\)su1 | |
| Cisco Unified Communications Manager | =7.1\(3a\)su1 | |
| Cisco Unified Communications Manager | =7.0\(2\) | |
| Cisco Unified Communications Manager | =7.1\(3b\)su2 | |
| Cisco Unified Communications Manager | =8.0\(2c\) | |
| Cisco Unified Communications Manager | =8.0\(3\) | |
| Cisco Unified Communications Manager | =8.5 | |
| Cisco Unified Communications Manager | =8.0\(3a\) | |
| Cisco Unified Communications Manager | =8.0\(2c\)su1 | |
| Cisco Unified Communications Manager | =6.1\(5\)su2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml
- http://www.securityfocus.com/bid/47608
- http://secunia.com/advisories/44331
- http://www.securitytracker.com/id?1025449
- http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
- http://www.vupen.com/english/advisories/2011/1122
- https://exchange.xforce.ibmcloud.com/vulnerabilities/67127
Frequently Asked Questions
What is the severity of CVE-2011-1607?
CVE-2011-1607 has a CVSS base score indicating a high severity vulnerability.
How do I fix CVE-2011-1607?
To fix CVE-2011-1607, update your Cisco Unified Communications Manager to the latest version as specified in Cisco advisories.
What types of attacks can exploit CVE-2011-1607?
CVE-2011-1607 can be exploited through directory traversal attacks allowing unauthorized file uploads.
Who is affected by CVE-2011-1607?
CVE-2011-1607 affects remote authenticated users of specific versions of Cisco Unified Communications Manager.
What versions of Cisco Unified Communications Manager are impacted by CVE-2011-1607?
CVE-2011-1607 affects Cisco Unified Communications Manager versions 6.x through 8.5 prior to their respective patches.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/tags
- agent/source
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/6.0
- version/cisco unified communications manager/6.1\(1\)
- version/cisco unified communications manager/6.1\(1a\)
- version/cisco unified communications manager/6.1\(1b\)
- version/cisco unified communications manager/6.1\(2\)
- version/cisco unified communications manager/6.1\(2\)su1
- version/cisco unified communications manager/6.1\(2\)su1a
- version/cisco unified communications manager/6.1\(3\)
- version/cisco unified communications manager/6.1\(3a\)
- version/cisco unified communications manager/6.1\(3b\)
- version/cisco unified communications manager/6.1\(3b\)su1
- version/cisco unified communications manager/6.1\(4\)
- version/cisco unified communications manager/6.1\(4\)su1
- version/cisco unified communications manager/6.1\(4a\)
- version/cisco unified communications manager/6.1\(4a\)su2
- version/cisco unified communications manager/6.1\(5\)
- version/cisco unified communications manager/6.1\(5\)su1
- version/cisco unified communications manager/6.1\(5\)su2
- version/cisco unified communications manager/7.0\(1\)su1
- version/cisco unified communications manager/7.0\(1\)su1a
- version/cisco unified communications manager/7.0\(2\)
- version/cisco unified communications manager/7.0\(2a\)
- version/cisco unified communications manager/7.0\(2a\)su1
- version/cisco unified communications manager/7.0\(2a\)su2
- version/cisco unified communications manager/7.1\(2a\)
- version/cisco unified communications manager/7.1\(2a\)su1
- version/cisco unified communications manager/7.1\(2b\)
- version/cisco unified communications manager/7.1\(2b\)su1
- version/cisco unified communications manager/7.1\(3\)
- version/cisco unified communications manager/7.1\(3a\)
- version/cisco unified communications manager/7.1\(3a\)su1
- version/cisco unified communications manager/7.1\(3a\)su1a
- version/cisco unified communications manager/7.1\(3b\)
- version/cisco unified communications manager/7.1\(3b\)su1
- version/cisco unified communications manager/7.1\(3b\)su2
- version/cisco unified communications manager/7.1\(5\)
- version/cisco unified communications manager/7.1\(5\)su1
- version/cisco unified communications manager/7.1\(5\)su1a
- version/cisco unified communications manager/7.1\(5a\)
- version/cisco unified communications manager/7.1\(5b\)
- version/cisco unified communications manager/7.1\(5b\)su2
- version/cisco unified communications manager/8.0\(2c\)
- version/cisco unified communications manager/8.0\(2c\)su1
- version/cisco unified communications manager/8.0\(3\)
- version/cisco unified communications manager/8.0\(3a\)
- version/cisco unified communications manager/8.5