CVE-2011-1607

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:unified_communications_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(1b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(2\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(3b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(4a\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:6.1\(5\)su2:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(1\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.0\(2a\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(2b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3a\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(3b\)su2:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5\)su1a:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:7.1\(5b\)su2:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(2c\)su1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.0\(3a\):*:*:*:*:*:*:*
cpe:2.3:a:cisco:unified_communications_manager:8.5:*:*:*:*:*:*:*

History

21 Nov 2024, 01:26

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html - () http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html -
References () http://secunia.com/advisories/44331 - () http://secunia.com/advisories/44331 -
References () http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml - Vendor Advisory () http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml - Vendor Advisory
References () http://www.securityfocus.com/bid/47608 - () http://www.securityfocus.com/bid/47608 -
References () http://www.securitytracker.com/id?1025449 - () http://www.securitytracker.com/id?1025449 -
References () http://www.vupen.com/english/advisories/2011/1122 - () http://www.vupen.com/english/advisories/2011/1122 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/67127 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/67127 -

Information

Published : 2011-05-03 22:55

Updated : 2024-11-21 01:26


NVD link : CVE-2011-1607

Mitre link : CVE-2011-1607

CVE.ORG link : CVE-2011-1607


JSON object : View

Products Affected

cisco

  • unified_communications_manager
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')