ID

VAR-201612-0372


CVE

CVE-2016-9210


TITLE

Cisco Unified Communications Manager Vulnerable to arbitrary file modification on the file system

Trust: 0.8

sources: JVNDB: JVNDB-2016-006287

DESCRIPTION

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168), 12.0(0.98000.178), 12.0(0.98000.399), 12.0(0.98000.510), 12.0(0.98000.536), 12.0(0.98500.7). This issue is being tracked by Cisco Bug ID CSCvb61698. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A security vulnerability exists in CUCM due to insufficient detection of client authentication.

Trust: 1.98

sources: NVD: CVE-2016-9210 // JVNDB: JVNDB-2016-006287 // BID: 94798 // VULHUB: VHN-98030

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5\(1.11007.2\)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.11007.2)

Trust: 0.8

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 94798 // JVNDB: JVNDB-2016-006287 // CNNVD: CNNVD-201612-274 // NVD: CVE-2016-9210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9210
value: HIGH

Trust: 1.0

NVD: CVE-2016-9210
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201612-274
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98030
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9210
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-98030
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9210
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-98030 // JVNDB: JVNDB-2016-006287 // CNNVD: CNNVD-201612-274 // NVD: CVE-2016-9210

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-98030 // JVNDB: JVNDB-2016-006287 // NVD: CVE-2016-9210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-274

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201612-274

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006287

PATCH

title: cisco-sa-20161207-cur, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur

Trust: 0.8

sources: JVNDB: JVNDB-2016-006287

EXTERNAL IDS

db: NVD, id: CVE-2016-9210

Trust: 2.8

db: BID, id: 94798

Trust: 2.0

db: JVNDB, id: JVNDB-2016-006287

Trust: 0.8

db: CNNVD, id: CNNVD-201612-274

Trust: 0.7

db: VULHUB, id: VHN-98030

Trust: 0.1

sources: VULHUB: VHN-98030 // BID: 94798 // JVNDB: JVNDB-2016-006287 // CNNVD: CNNVD-201612-274 // NVD: CVE-2016-9210

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cur

Trust: 2.0

url: http://www.securityfocus.com/bid/94798

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9210

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9210

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-98030 // BID: 94798 // JVNDB: JVNDB-2016-006287 // CNNVD: CNNVD-201612-274 // NVD: CVE-2016-9210

CREDITS

Cisco

Trust: 0.9

sources: BID: 94798 // CNNVD: CNNVD-201612-274

SOURCES

db: VULHUB, id: VHN-98030
db: BID, id: 94798
db: JVNDB, id: JVNDB-2016-006287
db: CNNVD, id: CNNVD-201612-274
db: NVD, id: CVE-2016-9210

LAST UPDATE DATE

2024-11-23T22:42:19.274000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-98030, date: 2017-01-04T00:00:00
db: BID, id: 94798, date: 2016-12-20T01:08:00
db: JVNDB, id: JVNDB-2016-006287, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-274, date: 2016-12-13T00:00:00
db: NVD, id: CVE-2016-9210, date: 2024-11-21T03:00:48.377

SOURCES RELEASE DATE

db: VULHUB, id: VHN-98030, date: 2016-12-14T00:00:00
db: BID, id: 94798, date: 2016-12-07T00:00:00
db: JVNDB, id: JVNDB-2016-006287, date: 2016-12-19T00:00:00
db: CNNVD, id: CNNVD-201612-274, date: 2016-12-12T00:00:00
db: NVD, id: CVE-2016-9210, date: 2016-12-14T00:59:32.227