PT-2010-3242 · Cisco · Cisco Unified Contact Center Express
Published
2010-06-10
·
Updated
2017-08-17
·
CVE-2010-1571
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Unified Contact Center Express (UCCX) versions 5.0 through 5.0(2)SR3
Cisco Unified Contact Center Express (UCCX) versions 6.0
Cisco Unified Contact Center Express (UCCX) versions 7.0 through 7.0(1)SR4
Cisco Unified Contact Center Express (UCCX) version 7.0(2)
Description
A directory traversal issue in the bootstrap service allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
Recommendations
For Cisco Unified Contact Center Express (UCCX) versions 5.0 through 5.0(2)SR3, update to version 5.0(2)SR3 or later.
For Cisco Unified Contact Center Express (UCCX) versions 6.0, update to a version that is not affected by this issue.
For Cisco Unified Contact Center Express (UCCX) versions 7.0 through 7.0(1)SR4, update to version 7.0(1)SR4 or later.
For Cisco Unified Contact Center Express (UCCX) version 7.0(2), update to a version that is not affected by this issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Unified Contact Center Express