Description
Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66676
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2145
Scores
EPSS
0.0163
EPSS Percentile
73.2%
Details
CWE
CWE-22
Status
published
Products (1)
cisco/unity_connection
Published
Apr 05, 2014
Tracked Since
Feb 18, 2026