Sign-up

ID

VAR-202004-1236


CVE

CVE-2020-3177


TITLE

Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition Past Traversal Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004774

DESCRIPTION

A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) of Cisco Unified Communications Manager (UCM) and Cisco Unified Communications Manager Session Management Edition (SME) could allow an unauthenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the TAPS interface of the affected device. An attacker could exploit this vulnerability by sending a crafted request to the TAPS interface. A successful exploit could allow the attacker to read arbitrary files in the system. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution

Trust: 1.71

sources: NVD: CVE-2020-3177 // JVNDB: JVNDB-2020-004774 // VULHUB: VHN-181302

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications managerscope:eqversion:12.0\(1.10000.10\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\(2.10000.5\)

Trust: 1.0

vendor:ciscomodel:unified contact center expressscope:eqversion:12.0\(1\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:11.5\(1.10000.6\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:12.5\(1.10000.22\)

Trust: 1.0

vendor:ciscomodel:unified communications managerscope: - version: -

Trust: 0.8

vendor:ciscomodel:unified contact center expressscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-004774 // NVD: CVE-2020-3177

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3177
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3177
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-004774
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202004-1103
value: HIGH

Trust: 0.6

VULHUB: VHN-181302
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3177
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-004774
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181302
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3177
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3177
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004774
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181302 // JVNDB: JVNDB-2020-004774 // CNNVD: CNNVD-202004-1103 // NVD: CVE-2020-3177 // NVD: CVE-2020-3177

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-181302 // JVNDB: JVNDB-2020-004774 // NVD: CVE-2020-3177

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1103

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-202004-1103

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-004774

PATCH
title:cisco-sa-cucm-taps-path-trav-pfsFO93rurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r
Trust: 0.8
title:Cisco Unified Communications Manager  and Unified Communications Manager Session Management Edition Repair measures for path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=114628
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-004774 // 
            
            
            
            CNNVD: CNNVD-202004-1103

EXTERNAL IDS
db:NVDid:CVE-2020-3177
Trust: 2.5
db:JVNDBid:JVNDB-2020-004774
Trust: 0.8
db:CNNVDid:CNNVD-202004-1103
Trust: 0.7
db:NSFOCUSid:47638
Trust: 0.6
db:AUSCERTid:ESB-2020.1324
Trust: 0.6
db:CNVDid:CNVD-2020-25343
Trust: 0.1
db:VULHUBid:VHN-181302
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181302 // 
            
            
            
            JVNDB: JVNDB-2020-004774 // 
            
            
            
            CNNVD: CNNVD-202004-1103 // 
            
            
            
            NVD: CVE-2020-3177

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-cucm-taps-path-trav-pfsfo93r
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3177
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3177
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.1324/
Trust: 0.6
url:https://vigilance.fr/vulnerability/cisco-unified-communications-manager-directory-traversal-via-taps-32041
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47638
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181302 // 
            
            
            
            JVNDB: JVNDB-2020-004774 // 
            
            
            
            CNNVD: CNNVD-202004-1103 // 
            
            
            
            NVD: CVE-2020-3177

SOURCES
db:VULHUBid:VHN-181302
db:JVNDBid:JVNDB-2020-004774
db:CNNVDid:CNNVD-202004-1103
db:NVDid:CVE-2020-3177

LAST UPDATE DATE
2024-08-14T14:38:30.348000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181302date:2020-04-28T00:00:00
db:JVNDBid:JVNDB-2020-004774date:2020-05-27T00:00:00
db:CNNVDid:CNNVD-202004-1103date:2020-08-12T00:00:00
db:NVDid:CVE-2020-3177date:2020-04-28T18:31:59.813

SOURCES RELEASE DATE
db:VULHUBid:VHN-181302date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004774date:2020-05-27T00:00:00
db:CNNVDid:CNNVD-202004-1103date:2020-04-15T00:00:00
db:NVDid:CVE-2020-3177date:2020-04-15T21:15:35.263