CVE-2013-5528
CVE-2013-5528
Vexday Risk Score
43Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 23.3%KEV nãoPoC públicaNuclei simMetasploit —Patch referenciado
Lifecycle
11 Oct 2013Published on NVD
07 Dec 2016Public PoC
Weaponization speed
1153 daysto first PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.htmlunverifiedcve_referencewww.exploit-db.com/exploits/40887/unverifiedexploitdbwww.exploit-db.com/exploits/40887unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/98336http://packetstormsecurity.com/files/140071/Cisco-Unified-Communications-Manager-7-8-9-Directory-Traversal.htmlhttps://www.exploit-db.com/exploits/40887/http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528http://www.securityfocus.com/bid/62960