Multiple Cisco Products Directory Traversal File Write Vulnerability
Published: 2011-10-27
Updated: 2011-10-27
Affected systems:
Cisco Unified Communications Manager 7.x
Cisco Unified Communications Manager 6.x
Cisco Unified Contact Center Express (CCX) 8.x
Cisco Unified Contact Center Express (CCX) 7.x
Cisco Unified Contact Center Express (CCX) 6.x
Cisco Unified IP Interactive Voice Response 8.x
Cisco Unified IP Interactive Voice Response 7.x
Cisco Unified IP Interactive Voice Response 6.x
Unaffected systems:
Cisco Unified Communications Manager 8.0(3)
Cisco Unified Communications Manager 7.1(5b)SU2
Cisco Unified Communications Manager 6.1(5)SU2
Cisco Unified Contact Center Express (CCX) 8.5(1)SU2
Cisco Unified Contact Center Express (CCX) 8.0(2)SU3
Cisco Unified Contact Center Express (CCX) 7.0(2)ES1
Cisco Unified Contact Center Express (CCX) 6.0(1)SR1ES8
Cisco Unified IP Interactive Voice Response 8.5(1)SU2
Cisco Unified IP Interactive Voice Response 8.0(2)SU3
Cisco Unified IP Interactive Voice Response 7.0(2)ES1
Cisco Unified IP Interactive Voice Response 6.0(1)SR1ES8
Description:
BUGTRAQ ID:
50372
CVE ID:
CVE-2011-3315
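Cisco Unified Communications Manager is the call-processing component of the Cisco IP Telephony solution. It extends enterprise telephony features to packet telephony network devices such as IP phones, media processing devices, VoIP gateways, and multimedia devices. Cisco Unified Contact Center Express is a single-node and dual-node call center server. Cisco Unified Interactive Voice Response is a UCCX product package that provides IP call queuing and IP interactive voice response.
Multiple Cisco products contain directory traversal vulnerabilities in their implementation. An attacker can exploit these vulnerabilities to write arbitrary files outside the application's current directory.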
<*Source: Cisco
Links:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx
*>
Recommendation:
Vendor patch:
Cisco
-----
Cisco has released a security advisory (cisco-sa-20111026-cucm) and corresponding patches for this issue:
cisco-sa-20111026-cucm:Cisco Unified Communications Manager Directory Traversal Vulnerability
Link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm
This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.