Published: 12/09/2016 Updated: 12/12/2016

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and previous versions allows remote malicious users to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco hosted collaboration mediation fulfillment 10.6\\(2\\)_base
cisco hosted collaboration mediation fulfillment 10.6\\(3\\)_base
cisco hosted collaboration mediation fulfillment 10.6\\(1\\)_base

A vulnerability in the web interface of Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to write arbitrary files to any file system location that the application server has permissions to access The vulnerability is due to lack of proper input validation of the HTTP URL format An attac ...

CWE-22 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf http://www.securitytracker.com/id/1036719 http://www.securityfocus.com/bid/92705 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-6371

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect