CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:C/I:N/A:N
EPSS
Percentile
54.9%
A vulnerability in the Real-Time Monitoring Tool (RTMT) of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to download files from arbitrary locations on the filesystem.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting crafted URL requests to a vulnerable device.
Cisco has confirmed the vulnerability in a security notice; however, software updates are not available.
Although an attacker must authenticate to an affected device to exploit this vulnerability, the attacker could persuade an authenticated user to click a malicious link by using misleading language and instructions in an attempt to exploit the vulnerability.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |