CVE-2013-1224
Cisco Unified Customer Voice Portal < 9.0(1) - Path Traversal and Arbitrary File Write via Resource Manager
Title source: llmDescription
Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
Scores
EPSS
0.0212
EPSS Percentile
79.6%
Details
CWE
CWE-22
Status
published
Products (11)
cisco/unified_customer_voice_portal
3.0 sr1 (2 CPE variants)
cisco/unified_customer_voice_portal
3.6\(10\) es01
cisco/unified_customer_voice_portal
4.0
cisco/unified_customer_voice_portal
4.0\(2\) (2 CPE variants)
cisco/unified_customer_voice_portal
4.1
cisco/unified_customer_voice_portal
7.0
cisco/unified_customer_voice_portal
7.0\(2\)
cisco/unified_customer_voice_portal
8.0\(1\)
cisco/unified_customer_voice_portal
8.5\(1\)
cisco/unified_customer_voice_portal
9.0
... and 1 more
Published
May 09, 2013
Tracked Since
Feb 18, 2026