CVE-2017-6758

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager version 11.5(1.10000.6)

Description A vulnerability in the web framework could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The issue is due to insufficient input validation by the affected software. An attacker could exploit this by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem.

Recommendations For Cisco Unified Communications Manager version 11.5(1.10000.6), update to a fixed version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.