Cisco Unified Communications Manager Directory Traversal Flaw Lets Remote Users Obtain Files.
Cisco Unified Communications Manager 6.x, 7.x and 8.x
A vulnerability was reported in Cisco Unified Communications Manager.
A remote user can view files on the target system. The software does not properly validate user-supplied input. A remote user can supply a specially crafted request to obtain arbitrary files on the target system.
Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to retrieve arbitrary files from the filesystem.
Cisco has released free software updates that address this vulnerability. Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on Cisco's worldwide website at http://www.cisco.com. Log In or Download Software