CVE-2010-1571 — Path Traversal in Cisco Customer Response Solution

CWE-22 — Path Traversal CWE-3996 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 43.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Customer Response Solution Cisco Unified Contact Center Express Cisco Unified IP Interactive Voice Response

Timeline

PublishedJun 10

Latest updateMay 17

Description

Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDcisco/unified_contact_center_express5.0, 6.0, 7.0+2

▶NVDcisco/unified_ip_interactive_voice_response5.0, 6.0, 7.0+2

▶NVDcisco/customer_response_solution5.0, 6.0, 7.0+2

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-cmmh-79gj-wg2r: Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7↗2022-05-17

▶

CVEList

CVE-2010-1571: Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7↗2010-06-10

▶

📋Vendor Advisories

Cisco

Vulnerabilities in Cisco Unified Contact Center Express↗2010-06-09

▶

Red Hat

Mozilla incorrectly frees used memory (MFSA 2010-03)↗2010-02-17

▶