CVE-2011-1607

Current Description

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

Basic Data

PublishedMay 03, 2011
Last ModifiedAugust 17, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-22
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score6.5
SeverityMEDIUM
Exploitability Score8.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoUnified Communications Manager6.0*******
    2.3ApplicationCiscoUnified Communications Manager6.1(1)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(1a)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(1b)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(2)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(2)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(2)su1a*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3a)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3b)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(3b)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4a)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(4a)su2*******
    2.3ApplicationCiscoUnified Communications Manager6.1(5)*******
    2.3ApplicationCiscoUnified Communications Manager6.1(5)su1*******
    2.3ApplicationCiscoUnified Communications Manager6.1(5)su2*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoUnified Communications Manager7.0(1)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.0(1)su1a*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2)*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2a)*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2a)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.0(2a)su2*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2a)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2a)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2b)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(2b)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3a)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3a)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3a)su1a*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3b)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3b)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(3b)su2*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5)su1*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5)su1a*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5a)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5b)*******
    2.3ApplicationCiscoUnified Communications Manager7.1(5b)su2*******
  • OR - Configuration 3
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationCiscoUnified Communications Manager8.0(2c)*******
    2.3ApplicationCiscoUnified Communications Manager8.0(2c)su1*******
    2.3ApplicationCiscoUnified Communications Manager8.0(3)*******
    2.3ApplicationCiscoUnified Communications Manager8.0(3a)*******
    2.3ApplicationCiscoUnified Communications Manager8.5*******

Vulnerable Software List

VendorProductVersions
Cisco Unified Communications Manager 6.0, 6.1(1), 6.1(1a), 6.1(1b), 6.1(2), 6.1(2)su1, 6.1(2)su1a, 6.1(3), 6.1(3a), 6.1(3b), 6.1(3b)su1, 6.1(4), 6.1(4)su1, 6.1(4a), 6.1(4a)su2, 6.1(5), 6.1(5)su1, 7.0(1)su1, 7.0(1)su1a, 7.0(2), 7.0(2a), 7.0(2a)su1, 7.0(2a)su2, 7.1(2a), 7.1(2a)su1, 7.1(2b), 7.1(2b)su1, 7.1(3), 7.1(3a), 7.1(3a)su1, 7.1(3a)su1a, 7.1(3b), 7.1(3b)su1, 7.1(3b)su2, 7.1(5), 7.1(5)su1, 7.1(5)su1a, 7.1(5a), 7.1(5b), 7.1(5b)su2, 8.0(2c), 8.0(2c)su1, 8.0(3), 8.0(3a), 8.5

References

NameSourceURLTags
20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerabilityhttp://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.htmlFULLDISC
44331http://secunia.com/advisories/44331SECUNIA
20110427 Multiple Vulnerabilities in Cisco Unified Communications Managerhttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtmlCISCOVendor Advisory
47608http://www.securityfocus.com/bid/47608BID
1025449http://www.securitytracker.com/id?1025449SECTRACK
ADV-2011-1122http://www.vupen.com/english/advisories/2011/1122VUPEN
cisco-ucm-dir-traversal(67127)https://exchange.xforce.ibmcloud.com/vulnerabilities/67127XF