Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2013-10-19 10:36
Updated : 2024-02-28 12:00
NVD link : CVE-2013-5534
Mitre link : CVE-2013-5534
CVE.ORG link : CVE-2013-5534
JSON object : View
Products Affected
cisco
- unity_connection
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')