ID

VAR-201612-0370


CVE

CVE-2016-9208


TITLE

Cisco Emergency Responder vulnerability allowing access to files anywhere on the file system

Trust: 0.8

sources: JVNDB: JVNDB-2016-006310

DESCRIPTION

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951, CSCva98954, CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14), 12.0(0.98000.16).

Cisco Emergency Responder is an integral part of the Cisco IP Communications System. Its real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller's location. A directory traversal vulnerability exists in Cisco Emergency Responder. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494.

There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user.

Trust: 2.52

sources: NVD: CVE-2016-9208 // JVNDB: JVNDB-2016-006310 // CNVD: CNVD-2016-12573 // BID: 94800 // VULHUB: VHN-98028

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12573

AFFECTED PRODUCTS

vendor: cisco, model: emergency responder, scope: eq, version: 11.5(2.10000.5)

Trust: 1.6

vendor: cisco, model: emergency responder, scope: -, version: -

Trust: 0.9

vendor: cisco, model: emergency responder software, scope: eq, version: 11.5 (2.10000.5)

Trust: 0.8

sources: CNVD: CNVD-2016-12573 // BID: 94800 // JVNDB: JVNDB-2016-006310 // CNNVD: CNNVD-201612-269 // NVD: CVE-2016-9208

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-9208
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9208
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-12573
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-269
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98028
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-9208
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12573
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98028
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-9208
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12573 // VULHUB: VHN-98028 // JVNDB: JVNDB-2016-006310 // CNNVD: CNNVD-201612-269 // NVD: CVE-2016-9208

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-98028 // JVNDB: JVNDB-2016-006310 // NVD: CVE-2016-9208

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-269

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201612-269

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006310

PATCH

title: cisco-sa-20161207-cer1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1

Trust: 0.8

title: Patch for CiscoEmergencyResponder Directory Traversal Vulnerability (CNVD-2016-12573), url: https://www.cnvd.org.cn/patchInfo/show/86142

Trust: 0.6

title: Cisco Emergency Responder Repair measures for path traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66309

Trust: 0.6

sources: CNVD: CNVD-2016-12573 // JVNDB: JVNDB-2016-006310 // CNNVD: CNNVD-201612-269

EXTERNAL IDS

db: NVD, id: CVE-2016-9208

Trust: 3.4

db: BID, id: 94800

Trust: 2.6

db: SECTRACK, id: 1037426

Trust: 1.1

db: JVNDB, id: JVNDB-2016-006310

Trust: 0.8

db: CNNVD, id: CNNVD-201612-269

Trust: 0.7

db: CNVD, id: CNVD-2016-12573

Trust: 0.6

db: VULHUB, id: VHN-98028

Trust: 0.1

sources: CNVD: CNVD-2016-12573 // VULHUB: VHN-98028 // BID: 94800 // JVNDB: JVNDB-2016-006310 // CNNVD: CNNVD-201612-269 // NVD: CVE-2016-9208

REFERENCES

url: http://www.securityfocus.com/bid/94800

Trust: 2.3

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cer1

Trust: 1.7

url: http://www.securitytracker.com/id/1037426

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9208

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9208

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert

Trust: 0.3

sources: CNVD: CNVD-2016-12573 // VULHUB: VHN-98028 // BID: 94800 // JVNDB: JVNDB-2016-006310 // CNNVD: CNNVD-201612-269 // NVD: CVE-2016-9208

CREDITS

Cisco

Trust: 0.9

sources: BID: 94800 // CNNVD: CNNVD-201612-269

SOURCES

db: CNVD, id: CNVD-2016-12573
db: VULHUB, id: VHN-98028
db: BID, id: 94800
db: JVNDB, id: JVNDB-2016-006310
db: CNNVD, id: CNNVD-201612-269
db: NVD, id: CVE-2016-9208

LAST UPDATE DATE

2024-11-23T22:30:52.416000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-12573, date: 2016-12-19T00:00:00
db: VULHUB, id: VHN-98028, date: 2016-12-22T00:00:00
db: BID, id: 94800, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-006310, date: 2016-12-20T00:00:00
db: CNNVD, id: CNNVD-201612-269, date: 2016-12-13T00:00:00
db: NVD, id: CVE-2016-9208, date: 2024-11-21T03:00:48.167

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-12573, date: 2016-12-19T00:00:00
db: VULHUB, id: VHN-98028, date: 2016-12-14T00:00:00
db: BID, id: 94800, date: 2016-12-09T00:00:00
db: JVNDB, id: JVNDB-2016-006310, date: 2016-12-20T00:00:00
db: CNNVD, id: CNNVD-201612-269, date: 2016-12-12T00:00:00
db: NVD, id: CVE-2016-9208, date: 2016-12-14T00:59:29.617