ID
VAR-201512-0383
CVE
CVE-2015-6407
TITLE
Cisco Emergency Responder Vulnerable to uploading files to arbitrary locations
Trust: 0.8
DESCRIPTION
Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. The Cisco Emergency Responder real-time location address tracking database and enhanced routing capabilities allow emergency calls to be directly transferred to the appropriate Public Safety Answering Point (PASP) based on the caller's location. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCuv25501. Cisco Emergency Responder (ER) is an emergency call software in an IP communication system of Cisco (Cisco). The software provides features such as real-time location tracking database and caller's location. A security vulnerability exists in Cisco ER 10.5 (3.10000.9) release
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | emergency responder | scope: | eq | version: | 10.5\(3.10000.9\) | Trust: 1.6 |
| vendor: | cisco | model: | emergency responder software | scope: | eq | version: | 10.5(3.10000.9) | Trust: 0.8 |
| vendor: | cisco | model: | emergency responder | scope: | eq | version: | 10.5(3.10000.9) | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151209-erw | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-erw | Trust: 0.8 |
| title: | Cisco Emergency Responder Fixes for any file upload vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59128 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6407 | Trust: 3.4 |
| db: | BID | id: | 78817 | Trust: 2.0 |
| db: | SECTRACK | id: | 1034383 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-006386 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201512-288 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-08368 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-84368 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-erw | Trust: 2.3 |
| url: | http://www.securityfocus.com/bid/78817 | Trust: 1.7 |
| url: | http://www.securitytracker.com/id/1034383 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6407 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6407 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2015-08368 |
| db: | VULHUB | id: | VHN-84368 |
| db: | BID | id: | 78817 |
| db: | JVNDB | id: | JVNDB-2015-006386 |
| db: | CNNVD | id: | CNNVD-201512-288 |
| db: | NVD | id: | CVE-2015-6407 |
LAST UPDATE DATE
2024-11-23T22:07:53.497000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-08368 | date: | 2015-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-84368 | date: | 2016-12-07T00:00:00 |
| db: | BID | id: | 78817 | date: | 2015-12-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006386 | date: | 2015-12-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-288 | date: | 2015-12-14T00:00:00 |
| db: | NVD | id: | CVE-2015-6407 | date: | 2024-11-21T02:34:56.520 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-08368 | date: | 2015-12-22T00:00:00 |
| db: | VULHUB | id: | VHN-84368 | date: | 2015-12-13T00:00:00 |
| db: | BID | id: | 78817 | date: | 2015-12-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-006386 | date: | 2015-12-16T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-288 | date: | 2015-12-11T00:00:00 |
| db: | NVD | id: | CVE-2015-6407 | date: | 2015-12-13T03:59:06.367 |