CVE-2021-34701
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to access sensitive data on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.
EPSS 0.09% · 25.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Unity Connection | * |
| cisco | unified_communications_manager | 0, 0 |
| cisco | unity_connection | 0 |
| cisco | unified_communications_manager_im_and_presence_service | 0 |
Exploit Intelligence
Timeline
- Nov 3, 2021 CVE Published
- Nov 5, 2021 EPSS Score
- Dec 31, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 21, 2022 EPSS Score
- Jun 16, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 6, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Jan 26, 2023 EPSS Score