Release date:
Updated on:
Affected Systems:
Cisco CVP 7.x
Cisco CVP 4.1.x
Cisco CVP 4.0.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 59743
CVE (CAN) ID: CVE-2013-1224
Cisco uniied Customer Voice Portal (CVP) provides Voice and video self-service.
The Customer Voice Portal (CVP) earlier than Apsara stack 9.0.1 ES 11 has the remote path traversal vulnerability. Remote attackers can exploit this vulnerability without authentication and end-user interaction, attackers can execute arbitrary code after successful exploitation. Attackers can use IPv4 and IPv6 packets through the following ports: HTTP uses TCP port 80 and HTTPS uses TCP port 443
<* Source: Alex Senkevitch
Link: http://tools.cisco.com/security/center/viewAlert.x? AlertId = 28982 & vs_f = Cisco % 20 Applied % 20 Mitigation % 20 Bulletins & vs_cat = Security % 20 Intelligence & vs_type = RSS & vs_p = Identifying % 20and % 20 Mitigating % 20 Multiple % 20 Vulnerabilities % 20in % 20 Cisco % 20 uniied % 20 Customer % 20
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.cisco.com/go/psirt