CVE-2011-3315

EXPLOITED NUCLEI

Cisco Unified Communications Manager 5.x-8.x Path Traversal via Crafted URL

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2011-3315 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including Sandro Gauci. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in multiple Cisco products, allowing an attacker to read arbitrary files outside the intended directory. The PoC provides example URLs to fetch sensitive files like /etc/passwd and platformConfig.xml.

Description

Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Sandro Gauci · textremotehardware
https://www.exploit-db.com/exploits/36256

This exploit demonstrates a directory traversal vulnerability in multiple Cisco products, allowing an attacker to read arbitrary files outside the intended directory. The PoC provides example URLs to fetch sensitive files like /etc/passwd and platformConfig.xml.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Cisco Unified IP Interactive Voice Response, Cisco Unified Contact Center Express, Cisco Unified Communications Manager
No auth needed
Prerequisites: Network access to the vulnerable Cisco application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
vulncheck_xdb WORKING POC
remote
https://github.com/threat9/routersploit

This repository contains the RouterSploit framework, an exploitation toolkit for embedded devices, including modules for exploits, credential testing, scanners, and payloads. The framework is designed to test and exploit vulnerabilities in routers and other embedded systems.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: Embedded devices (routers, cameras, etc.)
No auth needed
Prerequisites: Python 3.6+ · Network access to target device
devstral-2 · analyzed Feb 25, 2026 Full analysis →

Nuclei Templates (1)

Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal
HIGHby daffainfo

References (2)

Core 2

Scores

EPSS 0.5115
EPSS Percentile 97.9%

Details

VulnCheck KEV 2025-07-31
CWE
CWE-22
Status published
Products (50)
cisco/unified_communications_manager 5.0
cisco/unified_communications_manager 5.1
cisco/unified_communications_manager 5.1\(1\)
cisco/unified_communications_manager 5.1\(1b\)
cisco/unified_communications_manager 5.1\(1c\)
cisco/unified_communications_manager 5.1\(2\)
cisco/unified_communications_manager 5.1\(2a\)
cisco/unified_communications_manager 5.1\(2b\)
cisco/unified_communications_manager 5.1\(3\)
cisco/unified_communications_manager 5.1\(3a\)
... and 40 more
Published Oct 27, 2011
Tracked Since Feb 18, 2026