1. Home
  2. CVE Database
  3. CVE-2011-1607
MEDIUM · 6.5

CVE-2011-1607

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) all...

Vulnerability Description

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
CiscoUnified Communications Manager6.0

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2011-1607?

CVE-2011-1607 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) all...

How severe is CVE-2011-1607?

CVE-2011-1607 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-1607?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.