Description
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534
Scores
EPSS
0.0147
EPSS Percentile
70.5%
Details
CWE
CWE-22
Status
published
Products (1)
cisco/unity_connection
Published
Oct 19, 2013
Tracked Since
Feb 18, 2026