CVE-2011-1607

Cisco Unified Communications Manager <6.1.5su3-8.5.1 - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67127
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/1122
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44331
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025449
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/47608

Scores

EPSS 0.0226
EPSS Percentile 80.9%

Details

CWE
CWE-22
Status published
Products (45)
cisco/unified_communications_manager 6.0
cisco/unified_communications_manager 6.1\(1\)
cisco/unified_communications_manager 6.1\(1a\)
cisco/unified_communications_manager 6.1\(1b\)
cisco/unified_communications_manager 6.1\(2\)
cisco/unified_communications_manager 6.1\(2\)su1
cisco/unified_communications_manager 6.1\(2\)su1a
cisco/unified_communications_manager 6.1\(3\)
cisco/unified_communications_manager 6.1\(3a\)
cisco/unified_communications_manager 6.1\(3b\)
... and 35 more
Published May 03, 2011
Tracked Since Feb 18, 2026