CVE-2011-1607 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	6.5 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:S/C:P/I:P/A:P
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 69%

Vendor	Product	Version
cisco	unified_communications_manager	6.0
cisco	unified_communications_manager	6.1\(1\)
cisco	unified_communications_manager	6.1\(1a\)
cisco	unified_communications_manager	6.1\(1b\)
cisco	unified_communications_manager	6.1\(2\)
cisco	unified_communications_manager	6.1\(2\)su1
cisco	unified_communications_manager	6.1\(2\)su1a
cisco	unified_communications_manager	6.1\(3\)
cisco	unified_communications_manager	6.1\(3a\)
cisco	unified_communications_manager	6.1\(3b\)
cisco	unified_communications_manager	6.1\(3b\)su1
cisco	unified_communications_manager	6.1\(4\)
cisco	unified_communications_manager	6.1\(4\)su1
cisco	unified_communications_manager	6.1\(4a\)
cisco	unified_communications_manager	6.1\(4a\)su2
cisco	unified_communications_manager	6.1\(5\)
cisco	unified_communications_manager	6.1\(5\)su1
cisco	unified_communications_manager	7.0\(1\)su1
cisco	unified_communications_manager	7.0\(1\)su1a
cisco	unified_communications_manager	7.0\(2\)
cisco	unified_communications_manager	7.0\(2a\)
cisco	unified_communications_manager	7.0\(2a\)su1
cisco	unified_communications_manager	7.0\(2a\)su2
cisco	unified_communications_manager	7.1\(2a\)
cisco	unified_communications_manager	7.1\(2a\)su1
cisco	unified_communications_manager	7.1\(2b\)
cisco	unified_communications_manager	7.1\(2b\)su1
cisco	unified_communications_manager	7.1\(3\)
cisco	unified_communications_manager	7.1\(3a\)
cisco	unified_communications_manager	7.1\(3a\)su1
cisco	unified_communications_manager	7.1\(3a\)su1a
cisco	unified_communications_manager	7.1\(3b\)
cisco	unified_communications_manager	7.1\(3b\)su1
cisco	unified_communications_manager	7.1\(3b\)su2
cisco	unified_communications_manager	7.1\(5\)
cisco	unified_communications_manager	7.1\(5\)su1
cisco	unified_communications_manager	7.1\(5\)su1a
cisco	unified_communications_manager	7.1\(5a\)
cisco	unified_communications_manager	7.1\(5b\)
cisco	unified_communications_manager	7.1\(5b\)su2
cisco	unified_communications_manager	8.0\(2c\)
cisco	unified_communications_manager	8.0\(2c\)su1
cisco	unified_communications_manager	8.0\(3\)
cisco	unified_communications_manager	8.0\(3a\)
cisco	unified_communications_manager	8.5

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

http://secunia.com/advisories/44331

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

http://www.securityfocus.com/bid/47608

http://www.securitytracker.com/id?1025449

http://www.vupen.com/english/advisories/2011/1122

https://exchange.xforce.ibmcloud.com/vulnerabilities/67127

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

http://secunia.com/advisories/44331

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

http://www.securityfocus.com/bid/47608

http://www.securitytracker.com/id?1025449

http://www.vupen.com/english/advisories/2011/1122

https://exchange.xforce.ibmcloud.com/vulnerabilities/67127