CVE-2021-34701

Name of the Vulnerable Software and Affected Versions Cisco Unified Communications Manager versions (affected versions not specified) Cisco Unified Communications Manager Session Management Edition versions (affected versions not specified) Cisco Unified Communications Manager IM & Presence Service versions (affected versions not specified) Cisco Unity Connection versions (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to access sensitive data on an affected device. This issue exists because the interface does not properly validate user-supplied input. An attacker could exploit this by sending a crafted HTTP request containing directory traversal character sequences to an affected system, potentially allowing access to sensitive files.

Recommendations For Cisco Unified Communications Manager, consider disabling the web-based management interface until a patch is available. For Cisco Unified Communications Manager Session Management Edition, restrict access to the management interface to minimize the risk of exploitation. For Cisco Unified Communications Manager IM & Presence Service, avoid using the web-based management interface for sensitive operations until the issue is resolved. For Cisco Unity Connection, as a temporary workaround, limit access to the management interface to authorized personnel only. At the moment, there is no information about a newer version that contains a fix for this vulnerability.