CVE-2011-3315
EXPLOITED NUCLEICisco Unified IP Interactive Voice Response - Path Traversal
Title source: ruleDescription
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Sandro Gauci · textremotehardware
https://www.exploit-db.com/exploits/36256
Nuclei Templates (1)
Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
HIGHby daffainfo
Scores
EPSS
0.5744
EPSS Percentile
98.2%
Details
VulnCheck KEV
2025-07-31
CWE
CWE-22
Status
published
Products (50)
cisco/unified_communications_manager
5.0
cisco/unified_communications_manager
5.1
cisco/unified_communications_manager
5.1\(1\)
cisco/unified_communications_manager
5.1\(1b\)
cisco/unified_communications_manager
5.1\(1c\)
cisco/unified_communications_manager
5.1\(2\)
cisco/unified_communications_manager
5.1\(2a\)
cisco/unified_communications_manager
5.1\(2b\)
cisco/unified_communications_manager
5.1\(3\)
cisco/unified_communications_manager
5.1\(3a\)
... and 40 more
Published
Oct 27, 2011
Tracked Since
Feb 18, 2026