VAR-201609-0357
Vulnerability from variot - Updated: 2023-12-18 13:57Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. Vendors have confirmed this vulnerability Bug ID CSCuz64717 It is released as.Skillfully crafted by a third party URL May be written to any file via. Exploiting this issue can allow an attacker to write out arbitrary files. This issue is being tracked by Cisco Bug ID CSCuz64717. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(3\\)_base"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(2\\)_base"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(1\\)_base"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "10.6(3)"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6(3)"
}
],
"sources": [
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:10.6\\(2\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:10.6\\(3\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:10.6\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "92705"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6371",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-6371",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95191",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-6371",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6371",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-542",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95191",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-6371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. Vendors have confirmed this vulnerability Bug ID CSCuz64717 It is released as.Skillfully crafted by a third party URL May be written to any file via. \nExploiting this issue can allow an attacker to write out arbitrary files. \nThis issue is being tracked by Cisco Bug ID CSCuz64717. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6371",
"trust": 2.9
},
{
"db": "BID",
"id": "92705",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036719",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34712",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95191",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6371",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"id": "VAR-201609-0357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:57:29.493000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160831-hcmf",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-hcmf"
},
{
"title": "Cisco: Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160831-hcmf"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-hcmf"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/92705"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036719"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6371"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6371"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34712"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-95191"
},
{
"date": "2016-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92705"
},
{
"date": "2016-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"date": "2016-09-12T10:59:06.350000",
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"date": "2016-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-12T00:00:00",
"db": "VULHUB",
"id": "VHN-95191"
},
{
"date": "2016-12-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92705"
},
{
"date": "2016-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"date": "2016-12-12T19:27:49.437000",
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"date": "2016-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Hosted Collaboration Mediation Fulfillment of Web Directory traversal vulnerability in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…