First published: Wed Jan 22 2020
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.

Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-dirtrv-M9HpnME4
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Unity Connection | 8.6 | |
The severity of Cisco vulnerability cisco-sa-cuc-dirtrv-M9HpnME4 is classified as high because a successful exploit allows files on the underlying filesystem to be overwritten.
To fix Cisco vulnerability cisco-sa-cuc-dirtrv-M9HpnME4, apply the latest security patches provided by Cisco for affected versions of Unity Connection.
Cisco vulnerability cisco-sa-cuc-dirtrv-M9HpnME4 affects Cisco Unity Connection version 8.6.
Exploiting Cisco vulnerability cisco-sa-cuc-dirtrv-M9HpnME4 requires an authenticated remote attacker.
Exploitation of Cisco vulnerability cisco-sa-cuc-dirtrv-M9HpnME4 relies on insufficient input validation, which allows files on the underlying filesystem to be overwritten.