Details of VAR-201602-0054

ID

VAR-201602-0054

CVE

CVE-2016-1316

TITLE

Cisco Jabber Guest Used in conjunction with TelePresence Video Communication Server Vulnerable to obtaining important call statistics information

Trust: 0.8

sources: JVNDB: JVNDB-2016-001454

DESCRIPTION

Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. Vendors have confirmed this vulnerability Bug ID CSCux73362 It is released as.Unspecified by a third party URL You may get important call statistics via a direct request to. Cisco TelePresenceVideo Communication Server is a telepresence video communication server from Cisco, Inc. that integrates with unified communications and voice communications environments to provide the best experience for end users using a variety of communication tools. An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCux73362

Trust: 2.52

sources: NVD: CVE-2016-1316 // JVNDB: JVNDB-2016-001454 // CNVD: CNVD-2016-01063 // BID: 82948 // VULHUB: VHN-90135

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-01063

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.2.1	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.2.2	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.2_base	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.0	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.2	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1_base	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1.2	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.1	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.7_base	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1.1	Trust: 1.6
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.5.3	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.6.0	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.6.1	Trust: 1.0
vendor:	cisco	model:	telepresence video communication server software	scope:	eq	version:	x8.1 to x8.7	Trust: 0.8
vendor:	cisco	model:	telepresence video communication server	scope:	eq	version:	x8	Trust: 0.6

sources: CNVD: CNVD-2016-01063 // JVNDB: JVNDB-2016-001454 // CNNVD: CNNVD-201602-169 // NVD: CVE-2016-1316

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1316
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1316
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-01063
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201602-169
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90135
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1316
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-01063
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90135
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1316
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-01063 // VULHUB: VHN-90135 // JVNDB: JVNDB-2016-001454 // CNNVD: CNNVD-201602-169 // NVD: CVE-2016-1316

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90135 // JVNDB: JVNDB-2016-001454 // NVD: CVE-2016-1316

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-169

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-169

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001454

PATCH

title:	cisco-sa-20160208-vcs	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs	Trust: 0.8
title:	Patch for CiscoTelePresenceVideoCommunicationServer Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/71446	Trust: 0.6

sources: CNVD: CNVD-2016-01063 // JVNDB: JVNDB-2016-001454

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1316	Trust: 3.4
db:	SECTRACK	id:	1034956	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001454	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-169	Trust: 0.7
db:	CNVD	id:	CNVD-2016-01063	Trust: 0.6
db:	BID	id:	82948	Trust: 0.3
db:	VULHUB	id:	VHN-90135	Trust: 0.1

sources: CNVD: CNVD-2016-01063 // VULHUB: VHN-90135 // BID: 82948 // JVNDB: JVNDB-2016-001454 // CNNVD: CNNVD-201602-169 // NVD: CVE-2016-1316

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-vcs	Trust: 2.6
url:	http://www.securitytracker.com/id/1034956	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1316	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1316	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-01063 // VULHUB: VHN-90135 // BID: 82948 // JVNDB: JVNDB-2016-001454 // CNNVD: CNNVD-201602-169 // NVD: CVE-2016-1316

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 82948

SOURCES

db:	CNVD	id:	CNVD-2016-01063
db:	VULHUB	id:	VHN-90135
db:	BID	id:	82948
db:	JVNDB	id:	JVNDB-2016-001454
db:	CNNVD	id:	CNNVD-201602-169
db:	NVD	id:	CVE-2016-1316

LAST UPDATE DATE

2024-11-23T22:13:20.363000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-01063	date:	2016-02-17T00:00:00
db:	VULHUB	id:	VHN-90135	date:	2016-12-06T00:00:00
db:	BID	id:	82948	date:	2016-07-06T12:17:00
db:	JVNDB	id:	JVNDB-2016-001454	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-169	date:	2016-02-15T00:00:00
db:	NVD	id:	CVE-2016-1316	date:	2024-11-21T02:46:10.463

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-01063	date:	2016-02-17T00:00:00
db:	VULHUB	id:	VHN-90135	date:	2016-02-09T00:00:00
db:	BID	id:	82948	date:	2016-02-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-001454	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201602-169	date:	2016-02-15T00:00:00
db:	NVD	id:	CVE-2016-1316	date:	2016-02-09T03:59:00.117