Details of VAR-201601-0053

ID

VAR-201601-0053

CVE

CVE-2016-1295

TITLE

Cisco Adaptive Security Appliance Vulnerabilities that can capture important information in software

Trust: 0.8

sources: JVNDB: JVNDB-2016-001302

DESCRIPTION

Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote attackers to obtain sensitive information via an AnyConnect authentication attempt, aka Bug ID CSCuo65775. Vendors have confirmed this vulnerability Bug ID CSCuo65775 It is released as.By a third party AnyConnect Important information can be obtained through authentication attempts. The CiscoASA5500 Series Adaptive Security Appliance is a modular platform for providing security and VPN services with firewall, IPS, anti-X and VPN services. An unauthenticated attacker could exploit this vulnerability to obtain sensitive information. This issue is being tracked by Cisco Bug ID CSCuo65775

Trust: 2.52

sources: NVD: CVE-2016-1295 // JVNDB: JVNDB-2016-001302 // CNVD: CNVD-2016-00384 // BID: 80881 // VULHUB: VHN-90114

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00384

AFFECTED PRODUCTS

vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.8	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.8	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.3	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.9	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4	Trust: 1.4
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.28	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.29	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.9	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.23	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.5	Trust: 1.0

sources: CNVD: CNVD-2016-00384 // JVNDB: JVNDB-2016-001302 // CNNVD: CNNVD-201601-349 // NVD: CVE-2016-1295

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1295
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1295
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-00384
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201601-349
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90114
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1295
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-00384
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90114
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1295
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-00384 // VULHUB: VHN-90114 // JVNDB: JVNDB-2016-001302 // CNNVD: CNNVD-201601-349 // NVD: CVE-2016-1295

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90114 // JVNDB: JVNDB-2016-001302 // NVD: CVE-2016-1295

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-349

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201601-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001302

PATCH

title:	cisco-sa-20160115-asa	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160115-asa	Trust: 0.8
title:	Patch for CiscoAdaptiveSecurityAppliance Information Disclosure Vulnerability (CNVD-2016-00384)	url:	https://www.cnvd.org.cn/patchInfo/show/70320	Trust: 0.6
title:	Cisco Adaptive Security Appliances Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59667	Trust: 0.6

sources: CNVD: CNVD-2016-00384 // JVNDB: JVNDB-2016-001302 // CNNVD: CNNVD-201601-349

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1295	Trust: 3.4
db:	SECTRACK	id:	1034691	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001302	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-349	Trust: 0.7
db:	CNVD	id:	CNVD-2016-00384	Trust: 0.6
db:	BID	id:	80881	Trust: 0.4
db:	VULHUB	id:	VHN-90114	Trust: 0.1

sources: CNVD: CNVD-2016-00384 // VULHUB: VHN-90114 // BID: 80881 // JVNDB: JVNDB-2016-001302 // CNNVD: CNNVD-201601-349 // NVD: CVE-2016-1295

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160115-asa	Trust: 2.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1295	Trust: 1.4
url:	http://www.securitytracker.com/id/1034691	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1295	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-00384 // VULHUB: VHN-90114 // BID: 80881 // JVNDB: JVNDB-2016-001302 // CNNVD: CNNVD-201601-349 // NVD: CVE-2016-1295

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 80881

SOURCES

db:	CNVD	id:	CNVD-2016-00384
db:	VULHUB	id:	VHN-90114
db:	BID	id:	80881
db:	JVNDB	id:	JVNDB-2016-001302
db:	CNNVD	id:	CNNVD-201601-349
db:	NVD	id:	CVE-2016-1295

LAST UPDATE DATE

2024-11-23T22:34:51.652000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-00384	date:	2016-01-21T00:00:00
db:	VULHUB	id:	VHN-90114	date:	2016-12-07T00:00:00
db:	BID	id:	80881	date:	2016-07-05T21:22:00
db:	JVNDB	id:	JVNDB-2016-001302	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-349	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-1295	date:	2024-11-21T02:46:08.090

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-00384	date:	2016-01-21T00:00:00
db:	VULHUB	id:	VHN-90114	date:	2016-01-16T00:00:00
db:	BID	id:	80881	date:	2016-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-001302	date:	2016-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201601-349	date:	2016-01-18T00:00:00
db:	NVD	id:	CVE-2016-1295	date:	2016-01-16T05:59:07.410