Path Traversal in Cisco Emergency_responder

CVE-2015-6406

Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv21781.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.004 (62.6th percentile) — read the EPSS interpretation.

Affected products

Cisco Emergency_responder — versions 10.5\(1.10000.5\)
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

1034384 (vdb-entry, x_refsource_SECTRACK)
78816 (vdb-entry, x_refsource_BID)
20151210 Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)