CVE-2016-9208
medium
CVSS v3: 6.5
CVSS v2: 4.0
VIR risk: 6.5
Description
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16).
Predictions
Exploit likelihood: 75%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| cisco | emergency_responder | 11.5(2.10000.5) | |
References
- http://www.securityfocus.com/bid/94800
- http://www.securitytracker.com/id/1037426
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1
CWEs
CWE-22