CVE-2013-5534
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.
Vulnerabilidad de salto de directorio en el servicio de adjuntos en el Voice Message Web Service (también conocido como VMWS o Cisco Unity Web Service) en Cisco Unity Connection permite a usuarios remotamente auenticados crear ficheros y consecuentemente ejecutar código JSP arbitrario, a través de una ruta de fichero manipulada para un fichero que no es un fichero de audio válido, también conocido como Bug ID CSCuj22948.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-08-22 CVE Reserved
- 2013-10-19 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5534 | 2013-10-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Unity Connection Search vendor "Cisco" for product "Unity Connection" | - | - |
Affected
| ||||||