Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability

A vulnerability in the application programming interface (API) that supports the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access the contents of arbitrary files on an affected device.

The vulnerability is due to a failure to properly restrict paths passed to a specific API command. An attacker could exploit the vulnerability by providing the affected API command with the absolute path to the file of interest.

This vulnerability was reported to Cisco by Vantage Point.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement may reduce the possibility of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.