CVE-2014-2145

Directory traversal vulnerability in the messaging API in Cisco Unity Connection allows remote authenticated users to read arbitrary files via vectors related to unenforced access constraints for .wav files and the audio/x-wav MIME type, aka Bug ID CSCun91071.

Severity	MEDIUM
CVSS	4.0
CWE	CWE-22
KEV
Published	12 years ago
Modified	1 week ago

Related Products

Product	Advisory
Cisco Wide Area Virtualization Engines Series	Cisco-SA-20140407-CVE-2014-2145
Cisco Wide Area Application Services Software	Cisco-SA-20140407-CVE-2014-2145
Cisco Wide Area Application Services Appliances	Cisco-SA-20140407-CVE-2014-2145
Cisco Nexus Dashboard	Cisco-SA-20140407-CVE-2014-2145
Cisco Application Centric Infrastructure Virtual Edge	Cisco-SA-20140407-CVE-2014-2145
Cisco Unity Connection	Cisco-SA-20140407-CVE-2014-2145
Cisco Unity	Cisco-SA-20140407-CVE-2014-2145