Improper input validation in Cisco Emergency_responder

CVE-2015-6407

Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.002 (41.1th percentile) — read the EPSS interpretation.

Affected products

Cisco Emergency_responder — versions 10.5\(3.10000.9\)
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

1034383 (vdb-entry, x_refsource_SECTRACK)
20151210 Cisco Emergency Responder Web Framework Arbitrary File Upload Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
78817 (vdb-entry, x_refsource_BID)