CiscoCISCO-SA-20151209-ERTCisco Emergency Responder Tools Menu Directory Traversal Vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile
47.0%
A vulnerability in the Tools menu of Cisco Emergency Responder could allow an authenticated, remote attacker to put files in arbitrary locations on an affected device.
The vulnerability is due to a failure to properly sanitize user-supplied input that is provided to the Tools menu as part of a filename. An attacker could exploit this vulnerability by using directory traversal methods to supply a path to a desired file location.
Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert”]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | emergency_responder | any | cpe:2.3:a:cisco:emergency_responder:any:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile
47.0%