CVE-2013-5534

medium

Cisco

CVSS v3 Base Score

4.0

AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS Score

0.2%

Exploitation probability in 30 days

Top 55% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: October 19, 2013 (4590 days ago)

Last Modified: April 29, 2026

Vendor: Cisco

Source: NVD

Description

Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to create files, and consequently execute arbitrary JSP code, via a crafted pathname for a file that is not a valid audio file, aka Bug ID CSCuj22948.

CWE

CWE-22

Affected Products

cisco unity connection

References

🔗 tools.cisco.com 🔗 tools.cisco.com

CVE-2013-5534

Vulnerability Report

Description

CWE

Affected Products

References