Lucene search

CiscoCVE-2013-5528

HistoryOct 11, 2013 - 3:54 a.m.

CVE-2013-5528

2013-10-1103:54:53

CWE-22

cisco

web.nvd.nist.gov

cve-2013-5528

directory traversal

tomcat

cisco unified communications manager

authentication

remote

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

Affected configurations

Nvd

Node

ciscounified_communications_manager

VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	*	cpe:2.3:a:cisco:unified_communications_manager::::::::

References

osvdb.org/98336

packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528

www.securityfocus.com/bid/62960

www.exploit-db.com/exploits/40887/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.007

Percentile

80.7%

JSON

Related for CVE-2013-5528