Vigil@nce - Cisco Unified Communications Manager: directory traversal of Real-Time Monitoring Tool
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can traverse directories in the Real-Time Monitoring
Tool API of Cisco Unified Communications Manager, in order to read
a file outside the service root path.
Impacted products: Cisco CUCM
Severity: 2/4
Creation date: 22/01/2015
DESCRIPTION OF THE VULNERABILITY
The Cisco Unified Communications Manager product offers an API for
RTMT (Real-Time Monitoring Tool).
However, user’s data are directly inserted in an access path.
Absolute paths can thus be used to go in the upper directory.
An attacker can therefore traverse directories in the Real-Time
Monitoring Tool API of Cisco Unified Communications Manager, in
order to read a file outside the service root path.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN