CVE-2013-5534

Cisco Unity Connection - Path Traversal

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.

References (1)

Core 1
Core References

Scores

EPSS 0.0147
EPSS Percentile 70.5%

Details

CWE
CWE-22
Status published
Products (1)
cisco/unity_connection
Published Oct 19, 2013
Tracked Since Feb 18, 2026