Boletines de Vulnerabilidades

Cisco Unified Communications Products Arbitrary File Read Vulnerability


Información sobre el sistema

   
Software afectado Cisco

Descripción

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request

More info:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucm-file-read-h8h4HEJ3?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Communications%20Products%20Arbitrary%20File%20Read%20Vulnerability&vs_k=1

Identificadores estándar

Propiedad Valor
CVE CVE-2022-20790.

Histórico de versiones

Versión Comentario Data
1.0 Advisory issued 2023-08-03
Ministerio de Defensa
CNI
CCN
CCN-CERT