CVE-2011-1607

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions 6.x through 6.1(5)su2 Cisco Unified Communications Manager versions 7.x through 7.1(5b)su2 Cisco Unified Communications Manager versions 8.0 through 8.0(3a)su0 Cisco Unified Communications Manager versions 8.5 through 8.5(0)

Description The issue allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request.

Recommendations For versions 6.x through 6.1(5)su2, update to version 6.1(5)su3 or later. For versions 7.x through 7.1(5b)su2, update to version 7.1(5b)su3 or later. For versions 8.0 through 8.0(3a)su0, update to version 8.0(3a)su1 or later. For versions 8.5 through 8.5(0), update to version 8.5(1) or later.