CVE-2017-6629: Path Traversal
First published: Wed May 03 2017(Updated: )
A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unity Connection | =10.5\(2\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6629?
CVE-2017-6629 has been classified as a high-severity vulnerability due to its potential for unauthorized access to sensitive files.
How do I fix CVE-2017-6629?
To fix CVE-2017-6629, update Cisco Unity Connection to a version that includes the security fix for the vulnerability.
What is the impact of CVE-2017-6629?
The impact of CVE-2017-6629 allows an attacker to access arbitrary files on the filesystem of an affected Cisco Unity Connection device.
Who is affected by CVE-2017-6629?
CVE-2017-6629 affects users of Cisco Unity Connection version 10.5(2) and potentially earlier versions.
Is CVE-2017-6629 exploitable remotely?
Yes, CVE-2017-6629 is exploitable remotely by unauthenticated attackers without needing physical access to the device.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/cisco
- canonical/cisco unity connection
- version/cisco unity connection/10.5\(2\)