Cisco Emergency Responder Tools Menu Directory Traversal Vulnerability

A vulnerability in the Tools menu of Cisco Emergency Responder could allow an authenticated, remote attacker to put files in arbitrary locations on an affected device.
 
The vulnerability is due to a failure to properly sanitize user-supplied input that is provided to the Tools menu as part of a filename. An attacker could exploit this vulnerability by using directory traversal methods to supply a path to a desired file location.

Cisco has released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.

This advisory is available at the following link: http://ift.tt/21RLKJF

from Cisco Security Advisory http://ift.tt/21RLKJF