CVE-2011-3315

27.10.2011, 21:55

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.

Path Traversal

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Vector
NIST	NIST	7.8 UNKNOWN	NETWORK	LOW	AV:N/AC:L/Au:N/C:C/I:N/A:N
cisco	CNA	---			---
CVE	ADP	---			---

Base Score

CVSS 3.x

EPSS Score

Percentile: 98%

Vendor	Product	Version
cisco	unified_ip_interactive_voice_response	-
cisco	unified_ip_ivr	6.0\(1\)
cisco	unified_ip_ivr	7.0\(1\)
cisco	unified_ip_ivr	7.0\(2\)
cisco	unified_ip_ivr	8.0\(1\)
cisco	unified_ip_ivr	8.0\(2\)
cisco	unified_ip_ivr	8.5\(1\)
cisco	unified_communications_manager	5.0
cisco	unified_communications_manager	5.1
cisco	unified_communications_manager	5.1\(1\)
cisco	unified_communications_manager	5.1\(1b\)
cisco	unified_communications_manager	5.1\(1c\)
cisco	unified_communications_manager	5.1\(2\)
cisco	unified_communications_manager	5.1\(2a\)
cisco	unified_communications_manager	5.1\(2b\)
cisco	unified_communications_manager	5.1\(3\)
cisco	unified_communications_manager	5.1\(3a\)
cisco	unified_communications_manager	5.1\(3c\)
cisco	unified_communications_manager	5.1\(3d\)
cisco	unified_communications_manager	5.1\(3e\)
cisco	unified_communications_manager	5.1.2
cisco	unified_communications_manager	6.0
cisco	unified_communications_manager	6.1\(1\)
cisco	unified_communications_manager	6.1\(1a\)
cisco	unified_communications_manager	6.1\(1b\)
cisco	unified_communications_manager	6.1\(2\)
cisco	unified_communications_manager	6.1\(2\)su1
cisco	unified_communications_manager	6.1\(2\)su1a
cisco	unified_communications_manager	6.1\(3\)
cisco	unified_communications_manager	6.1\(3a\)
cisco	unified_communications_manager	6.1\(3b\)
cisco	unified_communications_manager	6.1\(3b\)su1
cisco	unified_communications_manager	6.1\(4\)
cisco	unified_communications_manager	6.1\(4\)su1
cisco	unified_communications_manager	6.1\(4a\)
cisco	unified_communications_manager	6.1\(4a\)su2
cisco	unified_communications_manager	6.1\(5\)
cisco	unified_communications_manager	6.1\(5\)su1
cisco	unified_communications_manager	7.0\(1\)su1
cisco	unified_communications_manager	7.0\(1\)su1a
cisco	unified_communications_manager	7.0\(2\)
cisco	unified_communications_manager	7.0\(2a\)
cisco	unified_communications_manager	7.0\(2a\)su1
cisco	unified_communications_manager	7.0\(2a\)su2
cisco	unified_communications_manager	7.1\(2a\)
cisco	unified_communications_manager	7.1\(2a\)su1
cisco	unified_communications_manager	7.1\(2b\)
cisco	unified_communications_manager	7.1\(2b\)su1
cisco	unified_communications_manager	7.1\(3\)
cisco	unified_communications_manager	7.1\(3a\)
cisco	unified_communications_manager	7.1\(3a\)su1
cisco	unified_communications_manager	7.1\(3a\)su1a
cisco	unified_communications_manager	7.1\(3b\)
cisco	unified_communications_manager	7.1\(3b\)su1
cisco	unified_communications_manager	7.1\(3b\)su2
cisco	unified_communications_manager	7.1\(5\)
cisco	unified_communications_manager	7.1\(5\)su1
cisco	unified_communications_manager	7.1\(5\)su1a
cisco	unified_communications_manager	7.1\(5a\)
cisco	unified_communications_manager	7.1\(5b\)
cisco	unified_communications_manager	7.1\(5b\)su1
cisco	unified_communications_manager	7.1\(5b\)su1a
cisco	unified_communications_manager	8.0
cisco	unified_communications_manager	8.0\(1\)
cisco	unified_communications_manager	8.0\(2\)
cisco	unified_communications_manager	8.0\(2a\)
cisco	unified_communications_manager	8.0\(2b\)
cisco	unified_communications_manager	8.0\(2c\)
cisco	unified_communications_manager	8.0\(2c\)su1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx