Vulnerability Details CVE-2011-3315
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.885
EPSS Ranking 99.5%
CVSS Severity
CVSS v2 Score 7.8
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx
Products affected by CVE-2011-3315
-
cpe:2.3:a:cisco:unified_ccx:6.0(1)
-
cpe:2.3:a:cisco:unified_ccx:7.0(1)
-
cpe:2.3:a:cisco:unified_ccx:7.0(2)
-
cpe:2.3:a:cisco:unified_ccx:8.0(1)
-
cpe:2.3:a:cisco:unified_ccx:8.0(2)
-
cpe:2.3:a:cisco:unified_ccx:8.5(1)
-
cpe:2.3:a:cisco:unified_communications_manager:5.0
-
cpe:2.3:a:cisco:unified_communications_manager:5.1
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(1)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(1b)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(1c)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(2)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(2a)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(2b)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(3)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(3a)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(3c)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(3d)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1(3e)
-
cpe:2.3:a:cisco:unified_communications_manager:5.1.2
-
cpe:2.3:a:cisco:unified_communications_manager:6.0
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(1)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(1a)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(1b)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(2)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(2)su1
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(2)su1a
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(3)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(3a)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(3b)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(3b)su1
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(4)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(4)su1
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(4a)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(4a)su2
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(5)
-
cpe:2.3:a:cisco:unified_communications_manager:6.1(5)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.0(1)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.0(1)su1a
-
cpe:2.3:a:cisco:unified_communications_manager:7.0(2)
-
cpe:2.3:a:cisco:unified_communications_manager:7.0(2a)
-
cpe:2.3:a:cisco:unified_communications_manager:7.0(2a)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.0(2a)su2
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(2a)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(2a)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(2b)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(2b)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3a)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3a)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3a)su1a
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3b)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3b)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(3b)su2
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5)su1a
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5a)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5b)
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5b)su1
-
cpe:2.3:a:cisco:unified_communications_manager:7.1(5b)su1a
-
cpe:2.3:a:cisco:unified_communications_manager:8.0
-
cpe:2.3:a:cisco:unified_communications_manager:8.0(1)
-
cpe:2.3:a:cisco:unified_communications_manager:8.0(2)
-
cpe:2.3:a:cisco:unified_communications_manager:8.0(2a)
-
cpe:2.3:a:cisco:unified_communications_manager:8.0(2b)
-
cpe:2.3:a:cisco:unified_communications_manager:8.0(2c)
-
cpe:2.3:a:cisco:unified_communications_manager:8.0(2c)su1
-
cpe:2.3:a:cisco:unified_ip_ivr:6.0(1)
-
cpe:2.3:a:cisco:unified_ip_ivr:7.0(1)
-
cpe:2.3:a:cisco:unified_ip_ivr:7.0(2)
-
cpe:2.3:a:cisco:unified_ip_ivr:8.0(1)
-
cpe:2.3:a:cisco:unified_ip_ivr:8.0(2)
-
cpe:2.3:a:cisco:unified_ip_ivr:8.5(1)
-
cpe:2.3:h:cisco:unified_ip_interactive_voice_response:-