#VU7673 Path traversal in Unified Communications Manager (CallManager)


Published: 2017-08-03

Vulnerability identifier: #VU7673

Vulnerability risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6758

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Unified Communications Manager (CallManager)
Server applications / Remote management servers, RDP, SSH

Vendor: Cisco Systems, Inc

Description
The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information on the target system.

The weakness exists in the web framework of Cisco Unified Communications Manager and is caused by insufficient input validation of request paths. A remote authenticated attacker can use directory traversal techniques to read files within the web root directory structure on the Cisco Unified Communications Manager filesystem.

Successful exploitation of the vulnerability results in information disclosure.
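The weakness described above (CWE-22) comes down to a request path that is joined to the web root without a check that the result still lies beneath it. The following is an added example, not Cisco's code and not the vulnerable component; the web root path and the request strings are constructed for the demonstration. It contrasts a resolver with the missing containment check against a hardened one:

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed web root for this demonstration; the real layout on a CUCM
# appliance is not described in the advisory and is not assumed here.
WEB_ROOT = "/opt/demo/webroot"


def resolve_unchecked(requested: str) -> str:
    """Models the CWE-22 weakness: the decoded request path is joined to the
    web root and normalised, but nothing verifies that the result is still
    beneath WEB_ROOT, so '..' segments walk out of the directory tree."""
    decoded = unquote(requested)
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))


def resolve_checked(requested: str) -> Optional[str]:
    """Hardened form: decode once (as the server would), reject NUL bytes and
    backslashes, normalise, then require the canonical path to remain inside
    WEB_ROOT. Returns None for any request that escapes the root."""
    decoded = unquote(requested)
    if "\x00" in decoded or "\\" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    root = WEB_ROOT.rstrip("/")
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    # In production, canonicalise with os.path.realpath as well so that a
    # symlink under the web root cannot point outside it.
    return None


def escapes_root(requested: str) -> bool:
    """True when the unchecked resolver would hand back a path outside WEB_ROOT."""
    return not resolve_unchecked(requested).startswith(WEB_ROOT + "/")


if __name__ == "__main__":
    # Constructed sample requests: a legitimate page, a plain traversal and a
    # percent-encoded traversal of the kind a web access log might record.
    for req in ("ccmadmin/main.jsp", "../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/hosts"):
        print(f"{req:32} unchecked={resolve_unchecked(req):28} "
              f"checked={resolve_checked(req)}")
```

Note that a `..` segment that stays inside the web root is still accepted by the hardened resolver; only requests whose canonical path leaves `WEB_ROOT` are refused.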

Mitigation
The vulnerability is addressed in the following versions: UCMAP.12.0(0.98000.339), UCMAP.12.0(0.98000.338), UCMAP.11.6(2.10000.6), CUP.12.0(0.98000.1002), CUP.12.0(0.98000.1000), CUP.11.5(1.13900.42), CUC.12.0(0.97000.263.), CCM.12.0(0.98000.767), CCM.12.0(0.98000.765), CCM.11.5(1.13900.38).

Vulnerable software versions

Unified Communications Manager (CallManager): 11.5.1.10000.6


External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-ucm1


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
