CVE-2016-6370

Name: CVE-2016-6370
Creator: NVD / NIST
Published: 2016-09-12T10:59:05.273+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.38%

Last modified Jun 17, 2026

CVE-2016-6370 is a vulnerability of currently unknown severity. Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.. EPSS estimates a 2.38% chance of exploitation in the next 30 days.

Description

Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote authenticated users to read arbitrary files via a crafted pathname in an HTTP request, aka Bug ID CSCuz27255.

Metrics

EPSS Probability

2.38%

81.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Cisco	Hosted Collaboration Mediation Fulfillment	10.6\(1\)_base
Cisco	Hosted Collaboration Mediation Fulfillment	10.6\(2\)_base
Cisco	Hosted Collaboration Mediation Fulfillment	10.6\(3\)_base

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmVendor Advisory
http://www.securityfocus.com/bid/92704Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1036718Third Party Advisory, VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-hcmVendor Advisory
http://www.securityfocus.com/bid/92704Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1036718Third Party Advisory, VDB Entry

Timeline

Published: Sep 12, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-6370?

How severe is CVE-2016-6370?

Severity scoring for CVE-2016-6370 is pending analysis. The EPSS model estimates a 2.38% probability of exploitation in the next 30 days.

How do I fix CVE-2016-6370?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-6370?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST