CVE-2020-3177
HIGH
Cisco Unified Communications Manager - Unauthenticated Path Traversal via TAPS Interface
Title source: llm
Description
A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r
Scores
CVSS v3
7.5
EPSS
0.0095
EPSS Percentile
76.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (5)
cisco/unified_communications_manager
10.5(2.10000.5)
cisco/unified_communications_manager
11.5(1.10000.6)
cisco/unified_communications_manager
12.0(1.10000.10)
cisco/unified_communications_manager
12.5(1.10000.22)
cisco/unified_contact_center_express
12.0(1)
Published
Apr 15, 2020
Tracked Since
Feb 18, 2026