var-201612-0370
Vulnerability from variot
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). The CiscoEmergencyResponder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller's location. A directory traversal vulnerability exists in CiscoEmergencyResponder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.5\\(2.10000.5\\)"
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "emergency responder software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.5 (2.10000.5)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(2.10000.5\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94800"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-9208",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-12573",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-98028",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-9208",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9208",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-12573",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-269",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98028",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). The CiscoEmergencyResponder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller\u0027s location. A directory traversal vulnerability exists in CiscoEmergencyResponder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks. \nThis issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "VULHUB",
"id": "VHN-98028"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9208",
"trust": 3.4
},
{
"db": "BID",
"id": "94800",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037426",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12573",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98028",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"id": "VAR-201612-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
}
]
},
"last_update_date": "2023-12-18T13:53:09.663000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161207-cer1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cer1"
},
{
"title": "Patch for CiscoEmergencyResponder Directory Traversal Vulnerability (CNVD-2016-12573)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/86142"
},
{
"title": "Cisco Emergency Responder Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94800"
},
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cer1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037426"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9208"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9208"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-98028"
},
{
"date": "2016-12-09T00:00:00",
"db": "BID",
"id": "94800"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"date": "2016-12-14T00:59:29.617000",
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"date": "2016-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-98028"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94800"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"date": "2016-12-22T21:12:02.040000",
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"date": "2016-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Emergency Responder Vulnerable to accessing files anywhere on the file system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.