Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
References
Link | Resource |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534 | Vendor Advisory |
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534 | Vendor Advisory |
Configurations
History
21 Nov 2024, 01:57
Type | Values Removed | Values Added |
---|---|---|
References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534 - Vendor Advisory |
Information
Published : 2013-10-19 10:36
Updated : 2024-11-21 01:57
NVD link : CVE-2013-5534
Mitre link : CVE-2013-5534
CVE.ORG link : CVE-2013-5534
JSON object : View
Products Affected
cisco
- unity_connection
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')