CVE-2014-8008
published 2015-01-22CVE-2014-8008: Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated…
PriorityP345medium6.8CVSS 2.0
AVNACLAuSCCINAN
EXPLOIT
EPSS
8.44%
94.3th percentile
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:L/Au:S/C:C/I:N/A:N
vendor_cisco6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mv47-v724-6j22: Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authent
ghsa_unreviewed·2022-05-17
CVE-2014-8008 [MEDIUM] CWE-200 GHSA-mv47-v724-6j22: Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authent
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
Cisco
Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability
vendor_cisco·2015-02-19·CVSS 6.8
CVE-2014-8008 [MEDIUM] CWE-200 Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability
Cisco Unified Communications Manager Real-Time Monitoring Tool File Disclosure Vulnerability
A vulnerability in the application programming interface (API) that supports the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager could allow an authenticated, remote attacker to access the contents of arbitrary files on an affected device.
The vulnerability is due to a failure to properly restrict paths passed to a specific API command. An attacker could exploit the vulnerability by providing the affected API command with the absolute path to the file of interest.
This vulnerability was reported to Cisco by Vantage Point.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must authentica
No detection rules found.
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008http://www.securityfocus.com/bid/72263http://www.securitytracker.com/id/1031604https://tools.cisco.com/security/center/viewAlert.x?alertId=37111http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-8008http://www.securityfocus.com/bid/72263http://www.securitytracker.com/id/1031604https://tools.cisco.com/security/center/viewAlert.x?alertId=37111
2015-01-22
Published