CVE-2021-34701
Published on: 11/04/2021 12:00:00 AM UTC
Last Modified on: 11/17/2021 09:38:18 PM UTC
CVE-2021-34701 - advisory for cisco-sa-cucm-path-trav-dKCvktvO
Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Unified Communications Manager from Cisco contain the following vulnerability:
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
- CVE-2021-34701 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
- Affected Vendor/Software:
Cisco - Cisco Unity Connection version n/a
CVSS3 Score: 4.3 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 4 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Cisco Unified Communications Products Path Traversal Vulnerability | tools.cisco.com text/html |
![]() |
Related QID Numbers
- 317112 Cisco Unified Communications Products Path Traversal Vulnerability (cisco-sa-cucm-path-trav-dKCvktvO)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Cisco | Unified Communications Manager | All | All | All | All |
Application | Cisco | Unified Communications Manager | All | All | All | All |
Application | Cisco | Unified Communications Manager Im And Presence Service | All | All | All | All |
Application | Cisco | Unity Connection | All | All | All | All |
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:session_management:*:*:*:
- cpe:2.3:a:cisco:unified_communications_manager_im_and_presence_service:*:*:*:*:*:*:*:*:
- cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*:
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-34701 : A vulnerability in the web-based management interface of Cisco Unified Communications Manager U… twitter.com/i/web/status/1… | 2021-11-04 15:49:02 |
![]() |
CVE-2021-34701 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unifi… twitter.com/i/web/status/1… | 2021-11-05 07:09:24 |