CVE-2016-9208
Summary
| CVE | CVE-2016-9208 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-12-14 00:59:00 UTC |
| Updated | 2016-12-22 21:12:00 UTC |
| Description | A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Emergency Responder | 11.5(2.10000.5) | All | All | All |
| Application | Cisco | Emergency Responder | 11.5\(2.10000.5\) | All | All | All |
| Application | Cisco | Emergency Responder | 11.5\(2.10000.5\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Emergency Responder HTTP POST Parameter Validation Flaw Lets Remote Authenticated Users View Files on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco Emergency Responder CVE-2016-9208 Directory Traversal Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Emergency Responder Directory Traversal Vulnerability | CONFIRM | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.