A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2021-11-04T15:40:34.136535Z
Updated: 2024-11-07T21:42:34.419Z
Reserved: 2021-06-15T00:00:00
Link: CVE-2021-34701
Vulnrichment
Updated: 2024-08-04T00:19:48.082Z
NVD
Status : Modified
Published: 2021-11-04T16:15:08.427
Modified: 2024-11-21T06:10:59.190
Link: CVE-2021-34701
Redhat
No data.