CVE-2017-6629

CWE-22Path Traversal4 documents4 sources
Severity
5.3MEDIUM
EPSS
1.1%
top 21.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedMay 3
Latest updateMay 17

Description

A vulnerability in the ImageID parameter of Cisco Unity Connection 10.5(2) could allow an unauthenticated, remote attacker to access files in arbitrary locations on the filesystem of an affected device. The issue is due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. Cisco Bug IDs: CSCvd90118.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5cisco_unity_connectionCisco Unity Connection
NVDcisco/unity_connection10.5\(2\)

🔴Vulnerability Details

2
GHSA
GHSA-wx4p-4jh3-33cj: A vulnerability in the ImageID parameter of Cisco Unity Connection 102022-05-17
CVEList
CVE-2017-6629: A vulnerability in the ImageID parameter of Cisco Unity Connection 102017-05-03

📋Vendor Advisories

1
Cisco
Cisco Unity Connection ImageID Parameter Unauthorized Access Vulnerability2017-05-03
CVE-2017-6629 (MEDIUM CVSS 5.3) | A vulnerability in the ImageID para | cvebase.io