A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files from the underlying operating system. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the underlying operating system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2022-04-21T18:50:45.706675Z
Updated: 2024-09-16T18:19:49.631Z
Reserved: 2021-11-02T00:00:00
Link: CVE-2022-20790
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-04-21T19:15:08.687
Modified: 2023-11-07T03:42:57.763
Link: CVE-2022-20790
Redhat
No data.