var-201609-0357
Vulnerability from variot
Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. Vendors have confirmed this vulnerability Bug ID CSCuz64717 It is released as.Skillfully crafted by a third party URL May be written to any file via. Exploiting this issue can allow an attacker to write out arbitrary files. This issue is being tracked by Cisco Bug ID CSCuz64717. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0357",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(2\\)_base"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(1\\)_base"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(3\\)_base"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "10.6(3)"
},
{
"model": "hosted collaboration mediation fulfillment",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.6(3)"
}
],
"sources": [
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:hosted_collaboration_mediation_fulfillment",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "92705"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6371",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6371",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-95191",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6371",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6371",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-6371",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-542",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95191",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-6371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. Vendors have confirmed this vulnerability Bug ID CSCuz64717 It is released as.Skillfully crafted by a third party URL May be written to any file via. \nExploiting this issue can allow an attacker to write out arbitrary files. \nThis issue is being tracked by Cisco Bug ID CSCuz64717. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6371",
"trust": 2.9
},
{
"db": "BID",
"id": "92705",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036719",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34712",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95191",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6371",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"id": "VAR-201609-0357",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:07:47.203000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160831-hcmf",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf"
},
{
"title": "Cisco: Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal File System Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160831-hcmf"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-hcmf"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/92705"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1036719"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6371"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6371"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34712"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95191"
},
{
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"db": "BID",
"id": "92705"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-95191"
},
{
"date": "2016-09-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92705"
},
{
"date": "2016-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"date": "2016-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"date": "2016-09-12T10:59:06.350000",
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-12T00:00:00",
"db": "VULHUB",
"id": "VHN-95191"
},
{
"date": "2016-12-12T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6371"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92705"
},
{
"date": "2016-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004634"
},
{
"date": "2016-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-542"
},
{
"date": "2024-11-21T02:56:00.017000",
"db": "NVD",
"id": "CVE-2016-6371"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Hosted Collaboration Mediation Fulfillment of Web Directory traversal vulnerability in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004634"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-542"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…