Details of VAR-201609-0357

ID

VAR-201609-0357

CVE

CVE-2016-6371

TITLE

Cisco Hosted Collaboration Mediation Fulfillment of Web Directory traversal vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2016-004634

DESCRIPTION

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. Vendors have confirmed this vulnerability Bug ID CSCuz64717 It is released as.Skillfully crafted by a third party URL May be written to any file via. Exploiting this issue can allow an attacker to write out arbitrary files. This issue is being tracked by Cisco Bug ID CSCuz64717. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F

Trust: 2.07

sources: NVD: CVE-2016-6371 // JVNDB: JVNDB-2016-004634 // BID: 92705 // VULHUB: VHN-95191 // VULMON: CVE-2016-6371

AFFECTED PRODUCTS

vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6\(2\)_base	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6\(1\)_base	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6\(3\)_base	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	lte	version:	10.6(3)	Trust: 0.8
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6(3)	Trust: 0.3

sources: BID: 92705 // JVNDB: JVNDB-2016-004634 // CNNVD: CNNVD-201608-542 // NVD: CVE-2016-6371

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6371
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6371
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-542
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95191
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-6371
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6371
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-95191
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6371
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95191 // VULMON: CVE-2016-6371 // JVNDB: JVNDB-2016-004634 // CNNVD: CNNVD-201608-542 // NVD: CVE-2016-6371

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-95191 // JVNDB: JVNDB-2016-004634 // NVD: CVE-2016-6371

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-542

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201608-542

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004634

PATCH

title:	cisco-sa-20160831-hcmf	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf	Trust: 0.8
title:	Cisco: Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160831-hcmf	Trust: 0.1

sources: VULMON: CVE-2016-6371 // JVNDB: JVNDB-2016-004634

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6371	Trust: 2.9
db:	BID	id:	92705	Trust: 2.1
db:	SECTRACK	id:	1036719	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-004634	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-542	Trust: 0.7
db:	NSFOCUS	id:	34712	Trust: 0.6
db:	VULHUB	id:	VHN-95191	Trust: 0.1
db:	VULMON	id:	CVE-2016-6371	Trust: 0.1

sources: VULHUB: VHN-95191 // VULMON: CVE-2016-6371 // BID: 92705 // JVNDB: JVNDB-2016-004634 // CNNVD: CNNVD-201608-542 // NVD: CVE-2016-6371

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-hcmf	Trust: 2.2
url:	http://www.securityfocus.com/bid/92705	Trust: 1.9
url:	http://www.securitytracker.com/id/1036719	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6371	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6371	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/34712	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/22.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-95191 // VULMON: CVE-2016-6371 // BID: 92705 // JVNDB: JVNDB-2016-004634 // CNNVD: CNNVD-201608-542 // NVD: CVE-2016-6371

CREDITS

Cisco

Trust: 0.9

sources: BID: 92705 // CNNVD: CNNVD-201608-542

SOURCES

db:	VULHUB	id:	VHN-95191
db:	VULMON	id:	CVE-2016-6371
db:	BID	id:	92705
db:	JVNDB	id:	JVNDB-2016-004634
db:	CNNVD	id:	CNNVD-201608-542
db:	NVD	id:	CVE-2016-6371

LAST UPDATE DATE

2024-11-23T22:07:47.203000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95191	date:	2016-12-12T00:00:00
db:	VULMON	id:	CVE-2016-6371	date:	2016-12-12T00:00:00
db:	BID	id:	92705	date:	2016-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2016-004634	date:	2016-09-14T00:00:00
db:	CNNVD	id:	CNNVD-201608-542	date:	2016-09-13T00:00:00
db:	NVD	id:	CVE-2016-6371	date:	2024-11-21T02:56:00.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95191	date:	2016-09-12T00:00:00
db:	VULMON	id:	CVE-2016-6371	date:	2016-09-12T00:00:00
db:	BID	id:	92705	date:	2016-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2016-004634	date:	2016-09-14T00:00:00
db:	CNNVD	id:	CNNVD-201608-542	date:	2016-08-31T00:00:00
db:	NVD	id:	CVE-2016-6371	date:	2016-09-12T10:59:06.350