CVE-2014-2145: Path Traversal
First published: Sat Apr 05 2014(Updated: )
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unity Connection 8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2145?
CVE-2014-2145 is rated as a medium severity vulnerability.
How does CVE-2014-2145 exploit the messaging API in Cisco Unity Connection?
CVE-2014-2145 exploits the messaging API by allowing remote authenticated users to read arbitrary files due to insufficient access control enforcement.
What files can be accessed due to CVE-2014-2145?
CVE-2014-2145 allows unauthorized access to .wav files and any files that are accessible through the audio/x-wav MIME type.
Who is affected by CVE-2014-2145?
Organizations using Cisco Unity Connection are affected by CVE-2014-2145 if they have remote authenticated users.
How can I mitigate the risk associated with CVE-2014-2145?
To mitigate the risk of CVE-2014-2145, it's essential to apply the recommended security patches provided by Cisco.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unity connection 8.6