CVE-2011-1607

medium

Description

Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/67127

http://www.vupen.com/english/advisories/2011/1122

http://www.securitytracker.com/id?1025449

http://www.securityfocus.com/bid/47608

http://www.cisco.com/en/US/products/products_security_advisory09186a0080b79904.shtml

http://secunia.com/advisories/44331

http://archives.neohapsis.com/archives/fulldisclosure/2011-05/0051.html

Details

Source: Mitre, NVD

Published: 2011-05-03

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium

EPSS

EPSS: 0.00636