Lucene search

CiscoCVELIST:CVE-2020-3130

HistorySep 23, 2020 - 12:25 a.m.

CVE-2020-3130 Cisco Unity Connection Directory Traversal Vulnerability

2020-09-2300:25:39

CWE-22

cisco

www.cve.org

cve-2020-3130

cisco unity connection

directory traversal

input validation

http request

remote attacker

filesystem

administrator credentials

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

44.9%

JSON

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.

CNA Affected

[
  {
    "product": "Cisco Unity Connection",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-dirtrv-M9HpnME4

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

44.9%

JSON

Related for CVELIST:CVE-2020-3130