Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2011-1607
Last Modified 11 May 2011 03:25:38
Published 03 May 2011 06:55:02
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-1607

Summary

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

Vulnerable Systems

Application

  • Cisco Unified Communications Manager 6.0

  • Cisco Unified Communications Manager 6.1(1)

  • Cisco Unified Communications Manager 6.1(1a)

  • Cisco Unified Communications Manager 6.1(1b)

  • Cisco Unified Communications Manager 6.1(2)

  • Cisco Unified Communications Manager 6.1(2)su1

  • Cisco Unified Communications Manager 6.1(2)su1a

  • Cisco Unified Communications Manager 6.1(3)

  • Cisco Unified Communications Manager 6.1(3a)

  • Cisco Unified Communications Manager 6.1(3b)

  • Cisco Unified Communications Manager 6.1(3b)su1

  • Cisco Unified Communications Manager 6.1(4)

  • Cisco Unified Communications Manager 6.1(4)su1

  • Cisco Unified Communications Manager 6.1(4a)

  • Cisco Unified Communications Manager 6.1(4a)su2

  • Cisco Unified Communications Manager 6.1(5)

  • Cisco Unified Communications Manager 6.1(5)su1

  • Cisco Unified Communications Manager 7.0(1)su1

  • Cisco Unified Communications Manager 7.0(1)su1a

  • Cisco Unified Communications Manager 7.0(2)

  • Cisco Unified Communications Manager 7.0(2a)

  • Cisco Unified Communications Manager 7.0(2a)su1

  • Cisco Unified Communications Manager 7.0(2a)su2

  • Cisco Unified Communications Manager 7.1(2a)

  • Cisco Unified Communications Manager 7.1(2a)su1

  • Cisco Unified Communications Manager 7.1(2b)

  • Cisco Unified Communications Manager 7.1(2b)su1

  • Cisco Unified Communications Manager 7.1(3)

  • Cisco Unified Communications Manager 7.1(3a)

  • Cisco Unified Communications Manager 7.1(3a)su1

  • Cisco Unified Communications Manager 7.1(3a)su1a

  • Cisco Unified Communications Manager 7.1(3b)

  • Cisco Unified Communications Manager 7.1(3b)su1

  • Cisco Unified Communications Manager 7.1(3b)su2

  • Cisco Unified Communications Manager 7.1(5)

  • Cisco Unified Communications Manager 7.1(5)su1

  • Cisco Unified Communications Manager 7.1(5)su1a

  • Cisco Unified Communications Manager 7.1(5a)

  • Cisco Unified Communications Manager 7.1(5b)

  • Cisco Unified Communications Manager 7.1(5b)su2

  • Cisco Unified Communications Manager 8.0(2c)

  • Cisco Unified Communications Manager 8.0(2c)su1

  • Cisco Unified Communications Manager 8.0(3)

  • Cisco Unified Communications Manager 8.0(3a)

  • Cisco Unified Communications Manager 8.5


References

XF - cisco-ucm-dir-traversal(67127)

VUPEN - ADV-2011-1122

SECTRACK - 1025449

BID - 47608

CISCO - 20110427 Multiple Vulnerabilities in Cisco Unified Communications Manager

SECUNIA - 44331

FULLDISC - 20110502 Re: ZDI-11-143: Cisco Unified CallManager xmldirectorylist.jsp SQL Injection Vulnerability


Last Updated: 27 May 2016 10:56:23