SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Cisco Hosted Collaboration Solution Vendors:   Cisco
Cisco Hosted Collaboration Mediation Fulfillment Directory Traversal Flaw Lets Remote Users Write Files on the Target System
SecurityTracker Alert ID:  1036719
SecurityTracker URL:  http://securitytracker.com/id/1036719
CVE Reference:   CVE-2016-6371   (Links to External Site)
Date:  Sep 1 2016
Impact:   Modification of system information, Modification of user information
Vendor Confirmed:  Yes  
Version(s): HCM-F 10.6(3) and prior
Description:   A vulnerability was reported in Cisco Hosted Collaboration Mediation Fulfillment. A remote user can write files on the target system.

A remote user can send a specially crafted HTTP URL to exploit an input validation flaw and traverse the directory to write files with the privileges of the target application server.

The vendor has assigned bug ID CSCuz64717 to this vulnerability.

Impact:   A remote user can write files on the target system with the privileges of the web service.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmf (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC