A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.
Metrics
Affected Vendors & Products
References
History
Fri, 15 Nov 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2020-04-15T20:10:20.904083Z
Updated: 2024-11-15T17:31:41.239Z
Reserved: 2019-12-12T00:00:00
Link: CVE-2020-3177
Vulnrichment
Updated: 2024-08-04T07:24:00.625Z
NVD
Status : Modified
Published: 2020-04-15T21:15:35.263
Modified: 2024-11-21T05:30:29.297
Link: CVE-2020-3177
Redhat
No data.