CVE-2014-3292
Description
Cisco Unified Communications Manager RTMT allows authenticated users to read or delete arbitrary files via a crafted URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The Real Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (Unified CM) contains a path traversal vulnerability that allows remote authenticated users to read or delete arbitrary files on the system. This is achieved by sending a crafted URL to the RTMT interface. Affected versions are not explicitly listed in the description, but the bug IDs are CSCuo17302 and CSCuo17199. [1]
Exploitation
An attacker must have valid credentials to authenticate to the Cisco Unified CM web interface. Once authenticated, the attacker can craft a URL that traverses directories to access or delete files outside the intended RTMT directory. No additional privileges or user interaction beyond authentication are required. [1]
Impact
Successful exploitation allows an authenticated attacker to read sensitive files (information disclosure) or delete arbitrary files (denial of service or data loss). The attacker can operate with the privileges of the RTMT application, which typically runs with elevated system access. [1]
Mitigation
Cisco has not released a software update for this vulnerability as of the publication date (2014-06-10). The advisory recommends restricting access to the RTMT interface to trusted users and networks. No workaround is provided in the available references. [1]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- (no CPE)
Patches
No patches discovered yet.
References
- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3292 (nvd: Vendor Advisory)
- tools.cisco.com/security/center/viewAlert.x (nvd: Vendor Advisory)
- www.securitytracker.com/id/1030408 (nvd: Third Party Advisory, VDB Entry)
- secunia.com/advisories/58315 (nvd: Permissions Required)