CVE-2009-2047

Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.

CVSS v2.0 9.0 HIGH

9.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability : 8.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/35706	Patch
http://www.securitytracker.com/id?1022569
http://www.vupen.com/english/advisories/2009/1913
http://secunia.com/advisories/35861
http://osvdb.org/55936
https://exchange.xforce.ibmcloud.com/vulnerabilities/51731

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:crs:4.5:::::::*
	cpe:2.3:a:cisco:crs:5.0:::::::*
	cpe:2.3:a:cisco:unified_ccx:4.5\(2\):::::::*
	cpe:2.3:a:cisco:unified_ccx:4.0\(3\):::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:4.0:::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:4.1:::::::*
	cpe:2.3:a:cisco:unified_ip_contact_center_express:6.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_ip_contact_center_express:7.0:::::::*
	cpe:2.3:a:cisco:crs:3.5:::::::*
	cpe:2.3:a:cisco:crs:4.0:::::::*
	cpe:2.3:a:cisco:crs:4.1:::::::*
	cpe:2.3:a:cisco:unified_ccx:7.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_ccx:4.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_ip_contact_center_express:3.0:::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:6.0:::::::*
	cpe:2.3:a:cisco:unified_ip_contact_center_express:5.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_ccx:4.0\(4\):::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:4.5:::::::*
	cpe:2.3:a:cisco:crs:6.0:::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:7.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_ccx:4.0\(5\):::::::*
	cpe:2.3:a:cisco:unified_ccx:5.0\(1\):::::::*
	cpe:2.3:a:cisco:customer_response_applications:3.5:::::::*
	cpe:2.3:a:cisco:unified_ccx:4.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_ccx:3.5:::::::*
	cpe:2.3:a:cisco:crs:7.0:::::::*
	cpe:2.3:a:cisco:unified_ccx:4.0\(5a\):::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:3.0:::::::*
	cpe:2.3:a:cisco:ip_qm:3.5:::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:3.1:::::::*
	cpe:2.3:a:cisco:unified_ccx:6.0\(1\):::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:5.0:::::::*
	cpe:2.3:a:cisco:unified_ip_ivr:7.0:::::::*

Information

Published : 2009-07-16 08:30

Updated : 2017-08-16 18:30

NVD link : CVE-2009-2047

Mitre link : CVE-2009-2047

JSON object : View

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Products Affected

cisco

ip_qm
crs
customer_response_applications
unified_ip_ivr
unified_ccx
unified_ip_contact_center_express

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ae04b2.shtml", "name": "20090715 Vulnerabilities in Unified Contact Center Express Administration Pages", "tags": ["Patch", "Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/35706", "name": "35706", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1022569", "name": "1022569", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2009/1913", "name": "ADV-2009-1913", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/35861", "name": "35861", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/55936", "name": "55936", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51731", "name": "unified-ccx-interface-directory-traversal(51731)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-22"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-2047", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-07-16T15:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:crs:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:crs:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.5\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.0\\(3\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_contact_center_express:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_contact_center_express:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:crs:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:crs:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:crs:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:7.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_contact_center_express:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_contact_center_express:5.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.0\\(4\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:crs:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:7.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:5.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:customer_response_applications:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:crs:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:4.0\\(5a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:ip_qm:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ccx:6.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unified_ip_ivr:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}

9.0 /10