Vulnerability Description
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | < 14su1 |
| Cisco | Unified Communications Manager Im And Presence Service | < 14su1 |
| Cisco | Unity Connection | < 14su1 |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cPatchVendor Advisory
FAQ
What is CVE-2021-34701?
CVE-2021-34701 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unif...
How severe is CVE-2021-34701?
CVE-2021-34701 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-34701?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager, Cisco Unified Communications Manager Im And Presence Service, Cisco Unity Connection.