| Vulnerability Name: | CVE-2016-9210 (CCN-119784) |
| Assigned: | 2016-12-07 |
| Published: | 2016-12-07 |
| Updated: | 2017-01-04 |
| Summary: | A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7). |
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C); 4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P) |
| Vulnerability Type: | CWE-22 |
| Vulnerability Consequences: | Denial of Service |
| References: | Source: MITRE, Type: CNA, CVE-2016-9210; Source: BID, Type: Third Party Advisory, VDB Entry, 94798; Source: CCN, Type: BID-94798, Cisco Unified Communications Manager CVE-2016-9210 Directory Traversal Vulnerability; Source: XF, Type: UNKNOWN, cumn-cve20169210-dos(119784); Source: CCN, Type: Cisco Security Advisory cisco-sa-20161207-cur, Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability; Source: CONFIRM, Type: Vendor Advisory, https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur |
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable |