ID
VAR-201512-0382
CVE
CVE-2015-6406
TITLE
Cisco Emergency Responder of Tools Directory traversal vulnerability in menu
Trust: 0.8
DESCRIPTION
Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller's location. A remote attacker could exploit the vulnerability to place files anywhere on the affected device. Exploiting this issue can allow an attacker to gain read access to arbitrary files. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug ID CSCuv21781. The software provides features such as real-time location tracking database and caller's location
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | emergency responder | scope: | eq | version: | 10.5\(1.10000.5\) | Trust: 1.6 |
| vendor: | cisco | model: | emergency responder software | scope: | eq | version: | 10.5(1.10000.5) | Trust: 0.8 |
| vendor: | cisco | model: | emergency responder | scope: | eq | version: | 10.5(1.10000.5) | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-22 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
path traversal
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151209-ert | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert | Trust: 0.8 |
| title: | Cisco Emergency Responder Tools Menu Fixes for directory traversal vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59129 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6406 | Trust: 3.4 |
| db: | BID | id: | 78816 | Trust: 2.0 |
| db: | SECTRACK | id: | 1034384 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-006385 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201512-289 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-08367 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-84367 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert | Trust: 2.3 |
| url: | http://www.securityfocus.com/bid/78816 | Trust: 1.7 |
| url: | http://www.securitytracker.com/id/1034384 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6406 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6406 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2015-08367 |
| db: | VULHUB | id: | VHN-84367 |
| db: | BID | id: | 78816 |
| db: | JVNDB | id: | JVNDB-2015-006385 |
| db: | CNNVD | id: | CNNVD-201512-289 |
| db: | NVD | id: | CVE-2015-6406 |
LAST UPDATE DATE
2024-11-23T22:27:04.143000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-08367 | date: | 2015-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-84367 | date: | 2016-12-07T00:00:00 |
| db: | BID | id: | 78816 | date: | 2015-12-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006385 | date: | 2015-12-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-289 | date: | 2015-12-14T00:00:00 |
| db: | NVD | id: | CVE-2015-6406 | date: | 2024-11-21T02:34:56.413 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-08367 | date: | 2015-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-84367 | date: | 2015-12-13T00:00:00 |
| db: | BID | id: | 78816 | date: | 2015-12-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006385 | date: | 2015-12-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-289 | date: | 2015-12-11T00:00:00 |
| db: | NVD | id: | CVE-2015-6406 | date: | 2015-12-13T03:59:05.147 |