Vulnslist

find the latest Cisco vulnerabilities

Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability

cisco-sa-20151209-ert · Medium · Published · Updated

A vulnerability in the Tools menu of Cisco Emergency Responder could allow an authenticated, remote attacker to put files in arbitrary locations on an affected device.   The vulnerability is due to a failure to properly sanitize user-supplied input that is provided to the Tools menu as part of a filename. An attacker could exploit this vulnerability by using directory traversal methods to supply a path to a desired file location. Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ert

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that mitigate this vulnerability.

CVEsCVE-2015-6406
Cisco Bug IDsCSCuv21781
CVSS ScoreBase 4.0
Base 4.0 AV:N/AC:L/Au:S/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Emergency Responder

Related Products

Product CVE Evidence
Cisco Nexus Dashboard CVE-2015-6406 Cisco OpenVuln
Cisco Catalyst PON Series Switches CVE-2015-6406 Cisco OpenVuln
Cisco Application Centric Infrastructure Virtual Edge CVE-2015-6406 Cisco OpenVuln
Cisco Emergency Responder CVE-2015-6406 Cisco OpenVuln