Home

CVE-2016-9210

Description

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.278

Associated Vulnerability

VulnerabilityOS Platform
Cisco Unified Communications Manager Unified Reporting Upload Tool Directory Traversal Vulnerability For Cisco Unified Communications Manager (CallManager)NCM
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability (CVE-2016-9210)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-1706016Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234