Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2017-6629 |
CWE-ID | CWE-22 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Cisco Unity Connection Client/Desktop applications / Messaging software |
Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU6426
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6629
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows an unauthenticated, remote attacker to obtain potentially sensitive information.
The weakness exists due to improper sanitization of user-supplied input in HTTP POST parameters that describe filenames. A remote attacker can use directory traversal techniques to submit a path to a desired file location and access files on the filesystem of an affected device.
Successful exploitation of the vulnerability may result in information disclosure.
Install update from vendor's website.
Cisco Unity Connection: 10.5.2
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cuc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.