5
CVSSv2

CVE-2016-6371

Published: 12/09/2016 Updated: 12/12/2016
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and previous versions allows remote malicious users to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

Affected Products

Vendor Product Versions
CiscoHosted Collaboration Mediation Fulfillment10.6(1) Base, 10.6(2) Base, 10.6(3) Base

Vendor Advisories

A vulnerability in the web interface of Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to write arbitrary files to any file system location that the application server has permissions to access The vulnerability is due to lack of proper input validation of the HTTP URL format An attac ...