A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on affected device. To exploit this vulnerability, must have valid administrative credentials. This is due improper limitation a pathname restricted directory (path traversal). An by sending crafted web request device, followed specific command through SSH session. A successful underlying operating system device as low-privilege user. also undertake further actions elevate their privileges root.