CVE-2010-1571
Cisco Security Advisory 20100609-uccx
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
Vulnerabilidad de salto de directorio en el servicio bootstrap en Cisco Unified Contact Center Express (UCCX) v7.0 anterior v7.0(1)SR4 y 7.0(2), no especificadas versiones v6.0, y v5.0 anterior v5.0(2)SR3 permite a atacantes remotos leer ficheros de su elección a través de un mensaje bootstrap manipulado en el puerto TCP 6295
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-04-27 CVE Reserved
- 2010-06-10 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/40680 | Vdb Entry | |
| http://www.securitytracker.com/id?1024082 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59277 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml | 2017-08-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unified Contact Center Express Search vendor "Cisco" for product "Unified Contact Center Express" | 5.0 Search vendor "Cisco" for product "Unified Contact Center Express" and version "5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Contact Center Express Search vendor "Cisco" for product "Unified Contact Center Express" | 6.0 Search vendor "Cisco" for product "Unified Contact Center Express" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Contact Center Express Search vendor "Cisco" for product "Unified Contact Center Express" | 7.0 Search vendor "Cisco" for product "Unified Contact Center Express" and version "7.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Customer Response Solution Search vendor "Cisco" for product "Customer Response Solution" | 5.0 Search vendor "Cisco" for product "Customer Response Solution" and version "5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Customer Response Solution Search vendor "Cisco" for product "Customer Response Solution" | 6.0 Search vendor "Cisco" for product "Customer Response Solution" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Customer Response Solution Search vendor "Cisco" for product "Customer Response Solution" | 7.0 Search vendor "Cisco" for product "Customer Response Solution" and version "7.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Ip Interactive Voice Response Search vendor "Cisco" for product "Unified Ip Interactive Voice Response" | 5.0 Search vendor "Cisco" for product "Unified Ip Interactive Voice Response" and version "5.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Ip Interactive Voice Response Search vendor "Cisco" for product "Unified Ip Interactive Voice Response" | 6.0 Search vendor "Cisco" for product "Unified Ip Interactive Voice Response" and version "6.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Unified Ip Interactive Voice Response Search vendor "Cisco" for product "Unified Ip Interactive Voice Response" | 7.0 Search vendor "Cisco" for product "Unified Ip Interactive Voice Response" and version "7.0" | - |
Affected
| ||||||