CVE-2014-3318

Published: Jul 10, 2014Modified: May 6, 2026

4.0

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability: 8.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.

Affected (2)

Products: Cisco: Unified Communications Manager

Cisco

1 product

Unified Communications Manager

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Cisco Unified Communications Manager	All versions
Cisco Unified Communications Manager	Version 10.0(1)_base

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (12)

http://secunia.com/advisories/59728

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3318

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=34897

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/68482

Source: psirt@cisco.com

http://www.securitytracker.com/id/1030554

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/94433

Source: psirt@cisco.com

http://secunia.com/advisories/59728