1. Home
  2. CVE Database
  3. CVE-2014-3317
MEDIUM · 5.5

CVE-2014-3317

Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arb...

Vulnerability Description

Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.

CVSS Score

5.5

MEDIUM

AV:N/AC:L/Au:S/C:N/I:P/A:P
Confidentiality
NONE
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
CiscoUnified Communications Manager10.0\(1\)

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2014-3317?

CVE-2014-3317 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arb...

How severe is CVE-2014-3317?

CVE-2014-3317 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3317?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.