Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369.
2013-05-09T12:31:19.227
2025-04-11T00:51:21.963
Deferred
CVSSv2: 7.8 (HIGH)
AV:N/AC:L/Au:N/C:N/I:C/A:N
10.0
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | cisco | unified_customer_voice_portal | ≤ 9.0\(1\) | Yes |
| Application | cisco | unified_customer_voice_portal | 3.0 | Yes |
| Application | cisco | unified_customer_voice_portal | 3.0 | Yes |
| Application | cisco | unified_customer_voice_portal | 3.6\(10\) | Yes |
| Application | cisco | unified_customer_voice_portal | 4.0 | Yes |
| Application | cisco | unified_customer_voice_portal | 4.0\(2\) | Yes |
| Application | cisco | unified_customer_voice_portal | 4.0\(2\) | Yes |
| Application | cisco | unified_customer_voice_portal | 4.1 | Yes |
| Application | cisco | unified_customer_voice_portal | 7.0 | Yes |
| Application | cisco | unified_customer_voice_portal | 7.0\(2\) | Yes |
| Application | cisco | unified_customer_voice_portal | 8.0\(1\) | Yes |
| Application | cisco | unified_customer_voice_portal | 8.5\(1\) | Yes |
| Application | cisco | unified_customer_voice_portal | 9.0 | Yes |