What is CVE-2013-5528?

CVE-2013-5528 is a vulnerability in Cisco Unified_communications_manager, classified under Path Traversal. Published 2013-10-11.

Is CVE-2013-5528 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Cisco Unified_communications_manager

CVE-2013-5528

Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.615 (98.4th percentile) — read the EPSS interpretation.

Affected products

Cisco Unified_communications_manager
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

References

40887 (Exploit, exploit, Third Party Advisory, VDB Entry, x_refsource_EXPLOIT-DB)
psirt@cisco.com (Exploit, VDB Entry, Third Party Advisory, x_refsource_MISC)
98336 (x_refsource_OSVDB, vdb-entry, Broken Link)
62960 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
20131010 Cisco Unified Communications Manager Administrative Web Interface Directory Traversal Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2013-5528?: CVE-2013-5528 is a vulnerability in Cisco Unified_communications_manager, classified under Path Traversal. Published 2013-10-11.
Is CVE-2013-5528 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.