Vulnerability Details : CVE-2010-1571
Directory traversal vulnerability in the bootstrap service in Cisco Unified Contact Center Express (UCCX) 7.0 before 7.0(1)SR4 and 7.0(2), unspecified 6.0 versions, and 5.0 before 5.0(2)SR3 allows remote attackers to read arbitrary files via a crafted bootstrap message to TCP port 6295.
Vulnerability category: Directory traversal
Exploit prediction scoring system (EPSS) score for CVE-2010-1571
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1571
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2010-1571
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1571
-
http://www.securityfocus.com/bid/40680
Cisco Unified Contact Center Express Bootstrap Service Directory Traversal Vulnerability
-
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2f110.shtml
Vulnerabilities in Cisco Unified Contact Center Express - CiscoPatch;Vendor Advisory
-
http://www.securitytracker.com/id?1024082
Cisco Unified Contact Center Express Directory Traversal Flaw Lets Remote Users View Arbitrary Files on the Target System - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/59277
Cisco Unified Contact Center Express bootstrap directory traversal CVE-2010-1571 Vulnerability Report
Products affected by CVE-2010-1571
- cpe:2.3:a:cisco:unified_contact_center_express:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_contact_center_express:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:customer_response_solution:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:customer_response_solution:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:customer_response_solution:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_ip_interactive_voice_response:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_ip_interactive_voice_response:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_ip_interactive_voice_response:7.0:*:*:*:*:*:*:*