CVE-2016-6370

MEDIUM

Cisco HCM-F <10.6.3 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.

References (3)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcm

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/92704

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036718

Scores

CVSS v3 4.3

EPSS 0.0054

EPSS Percentile 67.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-22

Status published

Affected Products (4)

cisco/hosted_collaboration_mediation_fulfillment

n/a/n/a

Timeline

Published Sep 12, 2016

Tracked Since Feb 18, 2026