Cisco UCCX bootstrap服务目录遍历漏洞
Cisco UCCX bootstrap服务目录遍历漏洞
发布日期:2010-06-10
更新日期:2010-06-12
受影响系统:
Cisco CRS 7.x
Cisco CRS 6.x
Cisco CRS 5.x
Cisco Unified IP IVR 7.x
Cisco Unified IP IVR 6.x
Cisco Unified IP IVR 5.x
Cisco Unified Contact Center Express 7.x
Cisco Unified Contact Center Express 6.x
Cisco Unified Contact Center Express 5.x
不受影响系统:
Cisco Unified Contact Center Express 7.0(2)
Cisco Unified Contact Center Express 7.0(1)SR4
Cisco Unified Contact Center Express 6.0(1)SR1
Cisco Unified Contact Center Express 5.0(2)SR3
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 40680
CVE ID: CVE-2010-1571
Cisco UCCX是集成的联络中心解决方案。
Cisco UCCX产品的bootstrap服务中存在目录遍历漏洞。可通过发送向TCP 6295端口的bootstrap发送消息来触发这个漏洞,导致读访问系统上的任意文件。所有的部署模式都可能受影响,如ICD、ICM和IP-IVR,但仅在配置中添加了第二节点的情况下才受影响。
<*来源:Cisco
链接:http://secunia.com/advisories/35861/
http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20100609-uccx)以及相应补丁:
cisco-sa-20100609-uccx:Vulnerabilities in Cisco Unified Contact Center Express
链接:http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml
评论暂时关闭