Cisco Unified Contact Center Express directory traversal

[EN] securityvulns.ru
no-pyccku

Cisco Unified Contact Center Express directory traversal
Published: 15.06.2010
Source: BUGTRAQ
SecurityVulns ID: 10934
Type: remote
Level: 6/10
Description: Directory traversal in TCP/6295 service, DoS.

Affected: CISCO : Cisco Unified Contact Center Express 8.0
CISCO : Cisco Unified Contact Center Express 7.0
CISCO : Cisco Unified Contact Center Express 6.0
CISCO : Cisco Unified Contact Center Express 5.0
CVE: CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.)
CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), 6.0 before 6.0(1)SR1, and 5.0 before 5.0(2)SR3 allows remote attackers to cause a denial of service (CTI server and Node Manager failure) via a malformed CTI message.)

Original document CISCO, Cisco Security Advisory: Vulnerabilities in Cisco Unified Contact Center Express (15.06.2010)

Discuss: Read or add your comments to this news (0 comments)