CVE-2016-6370 — Path Traversal in Cisco Hosted Collaboration Mediation Fulfillment
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 12
Latest updateMay 17
Description
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4
Affected Packages1 packages
▶NVDcisco/hosted_collaboration_mediation_fulfillment10.6\(1\)_base, 10.6\(2\)_base, 10.6\(3\)_base+2
🔴Vulnerability Details
2GHSA▶
GHSA-6cqx-qc5v-r3pg: Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10↗2022-05-17
CVEList▶
CVE-2016-6370: Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10↗2016-09-12
📋Vendor Advisories
1Cisco▶
Cisco Hosted Collaboration Mediation Fulfillment Authenticated Directory Traversal Vulnerability↗2016-08-31