VAR-201612-0370
Vulnerability from variot - Updated: 2025-04-13 23:37A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). The CiscoEmergencyResponder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller's location. A directory traversal vulnerability exists in CiscoEmergencyResponder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks. This issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emergency responder",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.5\\(2.10000.5\\)"
},
{
"model": "emergency responder",
"scope": null,
"trust": 0.9,
"vendor": "cisco",
"version": null
},
{
"model": "emergency responder software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.5 (2.10000.5)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:emergency_responder",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94800"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
],
"trust": 0.9
},
"cve": "CVE-2016-9208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-9208",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-12573",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-98028",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-9208",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9208",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-9208",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-12573",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-269",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98028",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). The CiscoEmergencyResponder is an integral part of the Cisco IP Communications System. The real-time location address tracking database and enhanced routing capabilities can route emergency calls to responding public safety answering points based on the caller\u0027s location. A directory traversal vulnerability exists in CiscoEmergencyResponder. Cisco Emergency Responder is prone to a directory-traversal vulnerability. Information harvested may aid in launching further attacks. \nThis issue is being tracked by Cisco Bug IDs CSCva98951, CSCva98954 and CSCvb57494. There is a security vulnerability in Cisco Emergency Responder Release 10.5 (1.10000.5), which is caused by the program not properly filtering the input submitted by the user",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9208"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "VULHUB",
"id": "VHN-98028"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9208",
"trust": 3.4
},
{
"db": "BID",
"id": "94800",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1037426",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-12573",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98028",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"id": "VAR-201612-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
}
]
},
"last_update_date": "2025-04-13T23:37:27.580000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161207-cer1",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1"
},
{
"title": "Patch for CiscoEmergencyResponder Directory Traversal Vulnerability (CNVD-2016-12573)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/86142"
},
{
"title": "Cisco Emergency Responder Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66309"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94800"
},
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-cer1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037426"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9208"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9208"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ert"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"db": "VULHUB",
"id": "VHN-98028"
},
{
"db": "BID",
"id": "94800"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-98028"
},
{
"date": "2016-12-09T00:00:00",
"db": "BID",
"id": "94800"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"date": "2016-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"date": "2016-12-14T00:59:29.617000",
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12573"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-98028"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94800"
},
{
"date": "2016-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006310"
},
{
"date": "2016-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-269"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-9208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Emergency Responder Vulnerable to accessing files anywhere on the file system",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006310"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-269"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…