Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal (CVE-2011-3315)

A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.

Cisco统一通信管理器（CUCM）5.x及6.x版本在6.1(5)SU2之前，7.x版本在7.1(5b)SU2之前，以及8.x版本在8.0(3)之前，以及Cisco统一联系中心Express（亦称统一CCX或UCCX）和Cisco统一IP交互式语音应答（Unified IP-IVR）在6.0(1)SR1ES8之前，7.0(x)版本在7.0(2)ES1之前，8.0(x)版本至8.0(2)SU3，以及8.5(x)版本在8.5(1)SU2之前均存在目录遍历漏洞，此漏洞允许远程攻击者通过精心构造的URL读取任意文件，该漏洞对应Bug IDs为CSCth09343和CSCts44049。