| Vulnerability Name: | CVE-2013-5534 (CCN-88111) | ||||||||
| Assigned: | 2013-10-17 | ||||||||
| Published: | 2013-10-17 | ||||||||
| Updated: | 2013-10-21 | ||||||||
| Summary: | Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948. | ||||||||
| CVSS v3 Severity: | 3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-22 | ||||||||
| Vulnerability Consequences: | File Manipulation | ||||||||
| References: | Source: MITRE Type: CNA CVE-2013-5534 Source: CCN Type: SA55383 Cisco Unity Connection Voice Message Web Service Directory Traversal Vulnerability Source: CCN Type: SA55385 Cisco Unity Connection Voice Message Web Service Directory Traversal Vulnerability Source: CCN Type: Cisco Security Notice Cisco Unity Connection Directory Traversal Vulnerability Source: CISCO Type: Vendor Advisory 20131017 Cisco Unity Connection Directory Traversal Vulnerability Source: CCN Type: OSVDB ID: 98720 Cisco Unity Connection Filename Field Handling Traversal Arbitrary File Creation Source: CCN Type: BID-63206 Cisco Unity Connection CVE-2013-5534 Directory Traversal Vulnerability Source: XF Type: UNKNOWN cisco-unity-cve20135534-dir-traversal(88111) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||