CVE-2016-9210 — Path Traversal in Cisco Unified Communications Manager

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGHNVD

EPSS

2.3%

top 15.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Communications Manager

Timeline

PublishedDec 14

Latest updateMay 17

Description

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDcisco/unified_communications_manager11.5\(1.11007.2\)

🔴Vulnerability Details

GHSA

GHSA-ffv7-cxh7-pfjm: A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remot↗2022-05-17

▶

CVEList

CVE-2016-9210: A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remot↗2016-12-14

▶

📋Vendor Advisories

Cisco

Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability↗2016-12-08

▶