QID 317168
Date Published: 2022-05-24
QID 317168: Cisco Unified Communications Products Arbitrary File Read Vulnerability (cisco-sa-ucm-file-read-h8h4HEJ3)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system.
Affected Products Cisco Unified CM and Cisco Unified CM SME Release 14.0 and earlier
QID Detection Logic (Authenticated):
The check matches the Cisco Unified Communications Product version retrieved via Unix Auth using " Active Master Version:" command.
An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.
Customers are advised to refer to cisco-sa-ucm-file-read-h8h4HEJ3 for more information.
- cisco-sa-ucm-file-read-h8h4HEJ3 -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3
CVEs related to QID 317168
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-ucm-file-read-h8h4HEJ3 | cisco-sa-ucm-file-read-h8h4HEJ3 |
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3 |