A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
History

Thu, 07 Nov 2024 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2021-11-04T15:40:34.136535Z

Updated: 2024-11-07T21:42:34.419Z

Reserved: 2021-06-15T00:00:00

Link: CVE-2021-34701

cve-icon Vulnrichment

Updated: 2024-08-04T00:19:48.082Z

cve-icon NVD

Status : Modified

Published: 2021-11-04T16:15:08.427

Modified: 2024-11-21T06:10:59.190

Link: CVE-2021-34701

cve-icon Redhat

No data.