CVE-2020-3177

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) (affected versions not specified)

Description A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) interface could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The issue is due to insufficient validation of user-supplied input to the TAPS interface. An attacker could exploit this by sending a crafted request to the TAPS interface, potentially allowing them to read arbitrary files in the system.

Recommendations For Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME), consider restricting access to the TAPS interface until a patch is available. As a temporary workaround, consider disabling the TAPS interface to minimize the risk of exploitation. Avoid using the TAPS interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.