PT-2011-4385 · Cisco · Cisco Unified IP Interactive Voice Response +2

Published: 2011-10-27 · Updated: 2014-02-27 · CVE-2011-3315

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Unified Communications Manager (CUCM) versions 5.x through 6.x before 6.1(5)SU2
Cisco Unified Communications Manager (CUCM) versions 7.x before 7.1(5b)SU2
Cisco Unified Communications Manager (CUCM) versions 8.x before 8.0(3)
Cisco Unified Contact Center Express (UCCX) versions prior to 6.0(1)SR1ES8
Cisco Unified Contact Center Express (UCCX) versions 7.0(x) before 7.0(2)ES1
Cisco Unified Contact Center Express (UCCX) versions 8.0(x) through 8.0(2)SU3
Cisco Unified Contact Center Express (UCCX) versions 8.5(x) before 8.5(1)SU2
Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions prior to 6.0(1)SR1ES8
Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions 7.0(x) before 7.0(2)ES1
Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions 8.0(x) through 8.0(2)SU3
Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions 8.5(x) before 8.5(1)SU2

Description

A directory traversal vulnerability allows remote attackers to read arbitrary files via a crafted URL.

Recommendations

For Cisco Unified Communications Manager (CUCM) versions 5.x through 6.x before 6.1(5)SU2, update to version 6.1(5)SU2 or later.
For Cisco Unified Communications Manager (CUCM) versions 7.x before 7.1(5b)SU2, update to version 7.1(5b)SU2 or later.
For Cisco Unified Communications Manager (CUCM) versions 8.x before 8.0(3), update to version 8.0(3) or later.
For Cisco Unified Contact Center Express (UCCX) versions prior to 6.0(1)SR1ES8, update to version 6.0(1)SR1ES8 or later.
For Cisco Unified Contact Center Express (UCCX) versions 7.0(x) before 7.0(2)ES1, update to version 7.0(2)ES1 or later.
For Cisco Unified Contact Center Express (UCCX) versions 8.0(x) through 8.0(2)SU3, update to a version after 8.0(2)SU3.
For Cisco Unified Contact Center Express (UCCX) versions 8.5(x) before 8.5(1)SU2, update to version 8.5(1)SU2 or later.
For Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions prior to 6.0(1)SR1ES8, update to version 6.0(1)SR1ES8 or later.
For Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions 7.0(x) before 7.0(2)ES1, update to version 7.0(2)ES1 or later.
For Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions 8.0(x) through 8.0(2)SU3, update to a version after 8.0(2)SU3.
For Cisco Unified IP Interactive Voice Response (Unified IP-IVR) versions 8.5(x) before 8.5(1)SU2, update to version 8.5(1)SU2 or later.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2011-3315

Affected Products

Cisco Unified Communications Manager
Cisco Unified Contact Center Express
Cisco Unified IP Interactive Voice Response