Cisco Bug: CSCur49414 - PSIRT: Reporter Servlet allows access to contents of local files

Last Modified

Nov 14, 2015

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

10.5(1.10000.7) 10.5(2.10000.5) 8.5(1.10000.26) 8.6(2.10000.30) 9.1(2.10000.28)

Description (partial)

The vulnerability is due to a failure to properly restrict paths passed to a specific API command. An authenticated attacker could exploit the vulnerability by providing the absolute path to the file of interest to the affected API command.

The Reporter Servlet also allows authenticated users to view the contents of some of the system files.
Bug details contain sensitive information and therefore require an account to be viewed.