CVE-2013-6688 — Path Traversal in Cisco Unified Communications Manager

CWE-22 — Path Traversal4 documents4 sources

Severity

6.3MEDIUMNVD

EPSS

0.3%

top 44.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedNov 18

Latest updateMay 17

Description

Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.1(1) and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222.

CVSS vector

AV:N/AC:M/C:N/I:C/A:NExploitability: 6.8 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager9.1\(1\)+112

🔴Vulnerability Details

GHSA

GHSA-cxvm-h59v-mjq9: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Ma↗2022-05-17

▶

CVEList

CVE-2013-6688: Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Ma↗2013-11-16

▶

📋Vendor Advisories

Cisco

Cisco Enterprise License Manager Path Traversal Vulnerability↗2013-11-13

▶