CVE-2016-9210

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).

Published: Dec 14, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-9210
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
cisco / unified_communications_manager	11.5(1.11007.2)	11.5(1.11007.2).x

http://www.securityfocus.com/bid/94798
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cur

Vulnerability Database

289,697

CVE-2016-9210