HTTP: Cisco Unified Communications Manager IVRGetAudioFile.do Directory Traversal
This signature detects attempts to exploit directory traversal vulnerability in the IVRGetAudioFile.do script of Cisco Unified Communications Manager (CUCM). A successful attack can result in arbitrary code execution and/or loss of sensitive information.
Extended Description
Multiple Cisco products are prone to a directory-traversal vulnerability. Exploiting this issue will allow an attacker to read arbitrary files from locations outside of the application's current directory. This could help the attacker launch further attacks. This issue is tracked by Cisco BugID CSCts44049 and CSCth09343. The following products are affected: Cisco Unified IP Interactive Voice Response Cisco Unified Contact Center Express Cisco Unified Communications Manager
Affected Products
Cisco unified_contact_center_express_(ccx)
Short Name
HTTP:CISCO:CUCM-DIR-TRAV
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2011-3315 Cisco Communications Directory IVRGetAudioFile.do Manager Traversal Unified bid:50372
Release Date
11/16/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Cisco
CVSS Score
7.8