← back
CVE-2017-6758

CVE-2017-6758

EPSS 3.8%CWE-22
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 3.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Aug 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability in the web framework of Cisco Unified Communications Manager 11.5(1.10000.6) could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected software. An attacker could exploit this vulnerability by using directory traversal techniques to read files in the web root directory structure on the Cisco Unified Communications Manager filesystem. Cisco Bug IDs: CSCve13796.
Affected products
n/a · Cisco Unified Communications Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://quickview.cloudapps.cisco.com/quickview/bug/CSCve13796https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1http://www.securityfocus.com/bid/100119http://www.securitytracker.com/id/1039064