ID

VAR-201602-0048


CVE

CVE-2016-1307


TITLE

Vulnerability in the Openfire server of Cisco Finesse Desktop and Unified Contact Center Express that allows access rights to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-001493

DESCRIPTION

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. The vendor has confirmed this vulnerability and released it as Bug ID CSCuw79085. A third party may gain access through an XMPP session. Attackers can exploit this issue to gain unauthorized access to the affected application. This may allow an attacker to obtain and modify sensitive information. This issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control.

Trust: 1.98

sources: NVD: CVE-2016-1307 // JVNDB: JVNDB-2016-001493 // BID: 82400 // VULHUB: VHN-90126

AFFECTED PRODUCTS

vendor: zyxel, model: gs1900-10hp, scope: lt, version: 2.50\(aazi.0\)c0

Trust: 1.0

vendor: zzinc, model: keymouse, scope: eq, version: 3.08

Trust: 1.0

vendor: cisco, model: finesse, scope: eq, version: 10.5(1)

Trust: 0.8

vendor: cisco, model: finesse, scope: eq, version: 11.0(1)

Trust: 0.8

vendor: cisco, model: unified contact center express, scope: eq, version: 10.6(1)

Trust: 0.8

vendor: cisco, model: finesse, scope: eq, version: 10.5\\\(1\\\)_base

Trust: 0.6

vendor: cisco, model: finesse, scope: eq, version: 11.0\\\(1\\\)_base

Trust: 0.6

vendor: cisco, model: unified contact center express, scope: eq, version: 10.6\\\(1\\\)

Trust: 0.6

sources: JVNDB: JVNDB-2016-001493 // CNNVD: CNNVD-201602-143 // NVD: CVE-2016-1307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1307
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1307
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-143
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90126
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1307
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90126
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1307
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90126 // JVNDB: JVNDB-2016-001493 // CNNVD: CNNVD-201602-143 // NVD: CVE-2016-1307

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-90126 // JVNDB: JVNDB-2016-001493 // NVD: CVE-2016-1307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-143

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201602-143

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001493

PATCH

title: cisco-sa-20160202-fducce, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce

Trust: 0.8

title: Cisco Finesse Desktop and Unified Contact Center Express Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60091

Trust: 0.6

sources: JVNDB: JVNDB-2016-001493 // CNNVD: CNNVD-201602-143

EXTERNAL IDS

db: NVD, id: CVE-2016-1307

Trust: 2.8

db: SECTRACK, id: 1034921

Trust: 1.1

db: SECTRACK, id: 1034920

Trust: 1.1

db: JVNDB, id: JVNDB-2016-001493

Trust: 0.8

db: CNNVD, id: CNNVD-201602-143

Trust: 0.7

db: BID, id: 82400

Trust: 0.3

db: VULHUB, id: VHN-90126

Trust: 0.1

sources: VULHUB: VHN-90126 // BID: 82400 // JVNDB: JVNDB-2016-001493 // CNNVD: CNNVD-201602-143 // NVD: CVE-2016-1307

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-fducce

Trust: 2.0

url:http://www.securitytracker.com/id/1034920

Trust: 1.1

url:http://www.securitytracker.com/id/1034921

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1307

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1307

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90126 // BID: 82400 // JVNDB: JVNDB-2016-001493 // CNNVD: CNNVD-201602-143 // NVD: CVE-2016-1307

CREDITS

Cisco.

Trust: 0.3

sources: BID: 82400

SOURCES

db: VULHUB, id: VHN-90126
db: BID, id: 82400
db: JVNDB, id: JVNDB-2016-001493
db: CNNVD, id: CNNVD-201602-143
db: NVD, id: CVE-2016-1307

LAST UPDATE DATE

2024-11-23T22:56:22.681000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90126, date: 2016-12-06T00:00:00
db: BID, id: 82400, date: 2016-07-05T21:21:00
db: JVNDB, id: JVNDB-2016-001493, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-143, date: 2016-02-15T00:00:00
db: NVD, id: CVE-2016-1307, date: 2024-11-21T02:46:09.473

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90126, date: 2016-02-07T00:00:00
db: BID, id: 82400, date: 2016-02-02T00:00:00
db: JVNDB, id: JVNDB-2016-001493, date: 2016-02-25T00:00:00
db: CNNVD, id: CNNVD-201602-143, date: 2016-02-14T00:00:00
db: NVD, id: CVE-2016-1307, date: 2016-02-07T11:59:03.880