A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.
Metrics
Affected Vendors & Products
References
History
Wed, 06 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2022-04-21T18:50:45.706675Z
Updated: 2024-11-06T16:22:18.650Z
Reserved: 2021-11-02T00:00:00
Link: CVE-2022-20790
Vulnrichment
Updated: 2024-08-03T02:24:49.657Z
NVD
Status : Modified
Published: 2022-04-21T19:15:08.687
Modified: 2024-11-21T06:43:33.717
Link: CVE-2022-20790
Redhat
No data.