Vulnerability-Lookup

CVE-2016-9208 (GCVE-0-2016-9208)

Vulnerability from cvelistv5 – Published: 2016-12-14 00:37 – Updated: 2024-08-06 02:42

Summary

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

cisco

References

URL

	Vendor	Product	Version
	n/a	Cisco Emergency Responder	Affected: Cisco Emergency Responder

VAR-201612-0370

Vulnerability from variot - Updated: 2025-04-13 23:37

A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). The CiscoEmergencyResponder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller's location. A directory traversal vulnerability exists in CiscoEmergencyResponder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201612-0370",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "emergency responder",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.5\\(2.10000.5\\)"
      },
      {
        "model": "emergency responder",
        "scope": null,
        "trust": 0.9,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "emergency responder software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "11.5 (2.10000.5)"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "BID",
        "id": "94800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:emergency_responder",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "94800"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-9208",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-9208",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2016-12573",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-98028",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-9208",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-9208",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-9208",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-12573",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201612-269",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-98028",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). The CiscoEmergencyResponder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller\u0027s location. A directory traversal vulnerability exists in CiscoEmergencyResponder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks. \nThis issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "BID",
        "id": "94800"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-9208",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94800",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1037426",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "db": "BID",
        "id": "94800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "id": "VAR-201612-0370",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      }
    ]
  },
  "last_update_date": "2025-04-13T23:37:27.580000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161207-cer1",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
      },
      {
        "title": "Patch for CiscoEmergencyResponder Directory Traversal Vulnerability (CNVD-2016-12573)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/86142"
      },
      {
        "title": "Cisco Emergency Responder Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66309"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/94800"
      },
      {
        "trust": 1.7,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cer1"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1037426"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9208"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9208"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "db": "BID",
        "id": "94800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "db": "BID",
        "id": "94800"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "date": "2016-12-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "date": "2016-12-09T00:00:00",
        "db": "BID",
        "id": "94800"
      },
      {
        "date": "2016-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "date": "2016-12-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "date": "2016-12-14T00:59:29.617000",
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-12573"
      },
      {
        "date": "2016-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-98028"
      },
      {
        "date": "2016-12-20T01:08:00",
        "db": "BID",
        "id": "94800"
      },
      {
        "date": "2016-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      },
      {
        "date": "2016-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-9208"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Emergency Responder Vulnerable to accessing files anywhere on the file system",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-006310"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201612-269"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-9208

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-9208

Aliases

CVE-2016-9208

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-9208",
    "description": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).",
    "id": "GSD-2016-9208"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-9208"
      ],
      "details": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).",
      "id": "GSD-2016-9208",
      "modified": "2023-12-13T01:21:21.479257Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-9208",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Emergency Responder",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Emergency Responder"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
          },
          {
            "name": "94800",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94800"
          },
          {
            "name": "1037426",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037426"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:emergency_responder:11.5\\(2.10000.5\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-9208"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
            },
            {
              "name": "94800",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94800"
            },
            {
              "name": "1037426",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1037426"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-22T21:12Z",
      "publishedDate": "2016-12-14T00:59Z"
    }
  }
}

FKIE_CVE-2016-9208

Vulnerability from fkie_nvd - Published: 2016-12-14 00:59 - Updated: 2025-04-12 10:46

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/94800	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1037426	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94800	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037426	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	emergency_responder	11.5\(2.10000.5\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:emergency_responder:11.5\\(2.10000.5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "ED1D9A7D-0AD2-433F-AFAD-CC2C902753C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el File Management Utility, el formulario Download File y la aplicaci\u00f3n Serviceability de Cisco Emergency Responder podr\u00eda permitir a un atacante remoto autenticado acceder a archivos en localizaciones arbitrarias en el sistema de archivo del dispositivo afectado. M\u00e1s Informaci\u00f3n: CSCva98951 CSCva98954 CSCvb57494. Lanzamientos Afectados Conocidos: 11.5(2.10000.5). Lanzamientos Reparados Conocidos: 12.0(0.98000.14) 12.0(0.98000.16)."
    }
  ],
  "id": "CVE-2016-9208",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-12-14T00:59:29.617",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94800"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037426"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1037426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-12573

Vulnerability from cnvd - Published: 2016-12-19

Title

Cisco Emergency Responder目录遍历漏洞（CNVD-2016-12573）

Description

Cisco Emergency Responder是思科IP通信系统中不可或缺的一个部分。实时位置地址跟踪数据库和增强的路由功能可以根据呼叫者的位置，将紧急呼叫转移到响应的公共安全应答点。 Cisco Emergency Responder存在目录遍历漏洞。攻击者利用该漏洞可访问任意文件，发动进一步攻击。

Severity

中

Patch Name

Cisco Emergency Responder目录遍历漏洞（CNVD-2016-12573）的补丁

Patch Description

Cisco Emergency Responder是思科IP通信系统中不可或缺的一个部分。实时位置地址跟踪数据库和增强的路由功能可以根据呼叫者的位置，将紧急呼叫转移到响应的公共安全应答点。 Cisco Emergency Responder存在目录遍历漏洞。攻击者利用该漏洞可访问任意文件，发动进一步攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可联系供应商获得补丁信息： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1

Reference

http://www.securityfocus.com/bid/94800

Impacted products

Name
Cisco Emergency Responder

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94800"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-9208",
      "cveUrl": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9208"
    }
  },
  "description": "Cisco Emergency Responder\u662f\u601d\u79d1IP\u901a\u4fe1\u7cfb\u7edf\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u4e2a\u90e8\u5206\u3002\u5b9e\u65f6\u4f4d\u7f6e\u5730\u5740\u8ddf\u8e2a\u6570\u636e\u5e93\u548c\u589e\u5f3a\u7684\u8def\u7531\u529f\u80fd\u53ef\u4ee5\u6839\u636e\u547c\u53eb\u8005\u7684\u4f4d\u7f6e\uff0c\u5c06\u7d27\u6025\u547c\u53eb\u8f6c\u79fb\u5230\u54cd\u5e94\u7684\u516c\u5171\u5b89\u5168\u5e94\u7b54\u70b9\u3002\r\n\r\nCisco Emergency Responder\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\uff0c\u53d1\u52a8\u8fdb\u4e00\u6b65\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-12573",
  "openTime": "2016-12-19",
  "patchDescription": "Cisco Emergency Responder\u662f\u601d\u79d1IP\u901a\u4fe1\u7cfb\u7edf\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u4e00\u4e2a\u90e8\u5206\u3002\u5b9e\u65f6\u4f4d\u7f6e\u5730\u5740\u8ddf\u8e2a\u6570\u636e\u5e93\u548c\u589e\u5f3a\u7684\u8def\u7531\u529f\u80fd\u53ef\u4ee5\u6839\u636e\u547c\u53eb\u8005\u7684\u4f4d\u7f6e\uff0c\u5c06\u7d27\u6025\u547c\u53eb\u8f6c\u79fb\u5230\u54cd\u5e94\u7684\u516c\u5171\u5b89\u5168\u5e94\u7b54\u70b9\u3002\r\n\r\nCisco Emergency Responder\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\uff0c\u53d1\u52a8\u8fdb\u4e00\u6b65\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Emergency Responder\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2016-12573\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Emergency Responder"
  },
  "referenceLink": "http://www.securityfocus.com/bid/94800",
  "serverity": "\u4e2d",
  "submitTime": "2016-12-12",
  "title": "Cisco Emergency Responder\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff08CNVD-2016-12573\uff09"
}

GHSA-552P-G3PP-2XVH

Vulnerability from github – Published: 2022-05-17 03:17 – Updated: 2022-05-17 03:17

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-9208"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-14T00:59:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).",
  "id": "GHSA-552p-g3pp-2xvh",
  "modified": "2022-05-17T03:17:56Z",
  "published": "2022-05-17T03:17:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9208"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94800"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037426"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-9208 (GCVE-0-2016-9208)

VAR-201612-0370

GSD-2016-9208

FKIE_CVE-2016-9208

CNVD-2016-12573

GHSA-552P-G3PP-2XVH

Tags

Sightings

Nomenclature