CVE-2013-5534

Published Oct 19, 2013

Last updated 11 years ago

Overview

Description: Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
Source: ykramarz@cisco.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-22

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:unity_connection:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0368C678-72A4-4F48-B31D-77A6BDAAC4DE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References