Vigil@nce - Cisco Unified Communications Manager: directory traversal via TAPS

June 2020 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

Impacted products: Cisco CUCM.

Severity: 2/4.

Consequences: data reading.

Provenance: intranet client.

Confidence: confirmed by the editor (5/5).

Creation date: 16/04/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker can perform a directory traversal through the TAPS service of Cisco Unified Communications Manager, in order to read a file located outside the service root path.


