Cisco Bug: CSCur49414 - PSIRT: Reporter Servlet allows access to contents of local files
Nov 14, 2015
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
10.5(1.10000.7) 10.5(2.10000.5) 8.5(1.10000.26) 8.6(2.10000.30) 9.1(2.10000.28)
Symptom: The vulnerability is due to a failure to properly restrict paths passed to a specific API command. An authenticated attacker could exploit the vulnerability by providing the absolute path to the file of interest to the affected API command.

Conditions: The Reporter Servlet also gives authenticated users access to view the contents of some system files.
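A path check of the kind whose absence the symptom describes, as an added example in Python (not Cisco's code and not the Reporter Servlet's implementation). The function names, directory layout and sample files are constructed for illustration, and the check goes beyond the absolute-path case named above to cover `..` sequences and symlinks as well.

```python
import os
import tempfile
from pathlib import Path

class PathRejected(ValueError):
    """The requested name does not stay inside the report directory."""

def naive_resolve(base_dir, requested):
    # Flawed pattern: os.path.join() drops base_dir when `requested` is absolute.
    return os.path.join(base_dir, requested)

def safe_resolve(base_dir, requested):
    base = Path(base_dir).resolve(strict=True)
    if not requested or "\x00" in requested:
        raise PathRejected("empty name or NUL byte")
    if os.path.isabs(requested):
        raise PathRejected("absolute path")
    # resolve() collapses ".." and follows symlinks before the containment check.
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathRejected("outside report directory") from None
    if not candidate.is_file():
        raise PathRejected("not a regular file")
    return candidate

def demo():
    # Constructed sample tree: one report, one file that must never be served.
    outcomes = {}
    with tempfile.TemporaryDirectory() as root:
        reports = Path(root, "reports")
        reports.mkdir()
        (reports / "daily.txt").write_text("constructed report\n")
        private = Path(root, "private.conf")
        private.write_text("constructed secret\n")
        os.symlink(private, reports / "link.txt")
        cases = {"relative": "daily.txt", "absolute": str(private),
                 "dotdot": "../private.conf", "symlink": "link.txt"}
        for label, name in cases.items():
            try:
                safe_resolve(reports, name)
                outcomes[label] = "served"
            except PathRejected as exc:
                outcomes[label] = f"rejected: {exc}"
    return outcomes

if __name__ == "__main__":
    print(demo())
```

The containment test runs on the fully resolved path, so a request is judged by where it finally points rather than by how the string looks.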