A vulnerability in the Tools menu of Cisco Emergency Responder could allow an authenticated, remote malicious user to put files in arbitrary locations on an affected device. The vulnerability is due to a failure to properly sanitize user-supplied input that is provided to the Tools menu as part of a filename. An attacker could exploit this vulnerability by using directory traversal methods to supply a path to a desired file location. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco emergency responder 10.5\\(1.10000.5\\) |