CVE-2013-5534

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.

Severity	MEDIUM
CVSS	4.0
CWE	CWE-22
KEV
Published	12 years ago
Modified	2 weeks ago

Related Products

Product	Advisory
Cisco RV Series Routers	Cisco-SA-20131018-CVE-2013-5534
Cisco Nexus Dashboard	Cisco-SA-20131018-CVE-2013-5534
Cisco Application Centric Infrastructure Virtual Edge	Cisco-SA-20131018-CVE-2013-5534
Cisco Unity Connection	Cisco-SA-20131018-CVE-2013-5534
Cisco Unity	Cisco-SA-20131018-CVE-2013-5534