| Vulnerability Name: | CVE-2014-2145 (CCN-92327) | ||||||||
| Assigned: | 2014-04-04 | ||||||||
| Published: | 2014-04-04 | ||||||||
| Updated: | 2015-09-16 | ||||||||
| Summary: | Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N) 3.0 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-22 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2014-2145 Source: CCN Type: Cisco Security Notice Cisco Unity Connection Directory Traversal Vulnerability Source: CISCO Type: Vendor Advisory 20140404 Cisco Unity Connection Directory Traversal Vulnerability Source: BID Type: UNKNOWN 66676 Source: CCN Type: BID-66676 Cisco Unity Connection CVE-2014-2145 Directory Traversal Vulnerability Source: XF Type: UNKNOWN cisco-unity-cve20142145-dir-trav(92327) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||