CVE-2013-5528

NUCLEI

Cisco Unified Communications Manager - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-5528. PoCs published by justpentest. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Cisco Unified Communications Manager's Administrative Web Interface, allowing an authenticated attacker to read arbitrary files accessible to the Apache Tomcat service account.

Description

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.

Exploits (1)

exploitdb WORKING POC

by justpentest · textwebappshardware

https://www.exploit-db.com/exploits/40887

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Cisco Unified Communications Manager's Administrative Web Interface, allowing an authenticated attacker to read arbitrary files accessible to the Apache Tomcat service account.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cisco Unified Communications Manager Administrative Web Interface (7.x, 8.x, 9.x unpatched)

Auth required

Prerequisites: Authenticated access to the Cisco Unified Communications Manager Administrative Web Interface

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

MEDIUMby daffainfo

References (5)

Core 5

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40887/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.html

Broken Link vdb-entry x_refsource_osvdb

http://osvdb.org/98336

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/62960

Vendor Advisory vendor-advisory x_refsource_cisco

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528

Scores

EPSS 0.6150

EPSS Percentile 98.4%

Details

CWE

CWE-22

Status published

Products (1)

cisco/unified_communications_manager

Published Oct 11, 2013

Tracked Since Feb 18, 2026