First published: Thu Nov 04 2021
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unified Communications Manager | <14su1 | |
Cisco Unified Communications Manager IM and Presence Service | <14su1 | |
Cisco Unity Connection | <14su1 | |
CVE-2021-34701 is a vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection.
CVE-2021-34701 affects Cisco Unified Communications Manager (Unified CM) versions up to and excluding 14su1.
The severity of CVE-2021-34701 is medium, with a severity value of 4.3.
To fix CVE-2021-34701, it is recommended to apply the necessary updates provided by Cisco.
You can find more information about CVE-2021-34701 on the Cisco Security Advisory page: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-path-trav-dKCvktvO).