medium
6.5
CWE
23
Advisory Published
Updated

cisco-sa-ucm-file-read-h8h4HEJ3: Cisco Unified Communications Products Arbitrary File Read Vulnerability

First published: Wed Apr 20 2022(Updated: )

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating

Affected SoftwareAffected VersionHow to fix
Cisco Unified CM<14SU1
14SU1
Cisco Unified CM SME<14SU1
14SU1

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

  • What is the vulnerability ID for this vulnerability?

    The vulnerability ID for this vulnerability is cisco-sa-ucm-file-read-h8h4HEJ3.

  • What is the title of this vulnerability?

    The title of this vulnerability is 'Cisco Unified Communications Products Arbitrary File Read Vulnerability'.

  • What is the severity of cisco-sa-ucm-file-read-h8h4HEJ3?

    The severity of cisco-sa-ucm-file-read-h8h4HEJ3 is medium with a severity value of 6.5.

  • Which software products are affected by cisco-sa-ucm-file-read-h8h4HEJ3?

    Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) are affected by cisco-sa-ucm-file-read-h8h4HEJ3.

  • How can an attacker exploit this vulnerability?

    An authenticated, remote attacker can exploit this vulnerability by reading arbitrary files from the underlying operating system through the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME).

  • What is the Common Weakness Enumeration (CWE) ID for this vulnerability?

    The Common Weakness Enumeration (CWE) ID for this vulnerability is 23.

  • How can I fix cisco-sa-ucm-file-read-h8h4HEJ3?

    To fix cisco-sa-ucm-file-read-h8h4HEJ3, update Cisco Unified Communications Manager (Unified CM) to version 14SU1 or later.

  • Is there any additional reference available for this vulnerability?

    Yes, you can refer to the Cisco Security Advisory for more information: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203