CVE-2014-3317 — Path Traversal in Cisco Unified Communications Manager

CWE-22 — Path Traversal7 documents7 sources

Severity

5.5MEDIUMNVD

EPSS

2.7%

top 14.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedJul 14

Latest updateJan 13

Description

Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager10.0\(1\)

🔴Vulnerability Details

OSV

f2fs: fix to avoid updating compression context during writeback↗2026-01-13

▶

GHSA

GHSA-vgm7-45xx-wjr7: Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10↗2022-05-17

▶

CVEList

CVE-2014-3317: Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10↗2014-07-14

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager DNA Path Traversal Vulnerability↗2014-07-10

▶