CVE-2014-3319 — Path Traversal in Cisco Unified Communications Manager

CWE-22 — Path Traversal CWE-416 — Use After Free5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.5%

top 34.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedJul 14

Latest updateMay 17

Description

Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.

CVSS vector

AV:N/AC:L/C:C/I:N/A:NExploitability: 8.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/unified_communications_manager10.0\(1\)

🔴Vulnerability Details

GHSA

GHSA-m8cw-q6xj-6rv6: Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10↗2022-05-17

▶

CVEList

CVE-2014-3319: Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10↗2014-07-14

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Real-Time Monitoring Tool Path Traversal Vulnerability↗2014-07-11

▶