CVE-2016-9210

HIGH

Cisco Unified Reporting - Unauthenticated RCE

Title source: llm
STIX 2.1

Description

A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to modify arbitrary files on the file system. More Information: CSCvb61698. Known Affected Releases: 11.5(1.11007.2). Known Fixed Releases: 12.0(0.98000.168) 12.0(0.98000.178) 12.0(0.98000.399) 12.0(0.98000.510) 12.0(0.98000.536) 12.0(0.98500.7).

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94798

Scores

CVSS v3 7.5
EPSS 0.0301
EPSS Percentile 85.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-22
Status published
Products (2)
cisco/unified_communications_manager 11.5\(1.11007.2\)
n/a/Cisco Unified Reporting Cisco Unified Reporting
Published Dec 14, 2016
Tracked Since Feb 18, 2026