CVE-2020-3130Path Traversal in Cisco Unity Connection

CWE-22Path TraversalCWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 71.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Unity ConnectionCisco Unity Connection
Timeline
PublishedSep 23
Latest updateMay 24

Description

A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

NVDcisco/unity_connection11.011.5su7+1

🔴Vulnerability Details

2
GHSA
GHSA-3rxc-xqq7-hm3h: A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the under2022-05-24
CVEList
Cisco Unity Connection Directory Traversal Vulnerability2020-09-23

📋Vendor Advisories

1
Cisco
Cisco Unity Connection Directory Traversal Vulnerability2020-01-22
CVE-2020-3130 — Path Traversal in Cisco | cvebase