Sign-up

ID

VAR-201602-0057


CVE

CVE-2016-1319


TITLE

plural Cisco Vulnerabilities in which important information is obtained in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-001497

DESCRIPTION

Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. plural Cisco The product stores a plaintext encryption key, so there is a vulnerability that allows important information to be obtained. Vendors have confirmed this vulnerability Bug ID CSCuv85958 It is released as.Local users may get important information. Cisco Unified Communications Manager (also known as CallManager) and others are products of Cisco (Cisco). CallManager is a call processing component in a unified communication system. A local attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.71

sources: NVD: CVE-2016-1319 // JVNDB: JVNDB-2016-001497 // VULHUB: VHN-90138

AFFECTED PRODUCTS

vendor:zzincmodel:keymousescope:eqversion:3.08

Trust: 1.0

vendor:samsungmodel:x14jscope:eqversion:t-ms14jakucb-1102.5

Trust: 1.0

vendor:sunmodel:opensolarisscope:eqversion:snv_124

Trust: 1.0

vendor:zyxelmodel:gs1900-10hpscope:ltversion:2.50\(aazi.0\)c0

Trust: 1.0

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(2.10000.5)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:10.5(2.12901.1)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:11.0(1.10000.10)

Trust: 0.8

vendor:ciscomodel:unified communications managerscope:eqversion:9.1(2.10000.28)

Trust: 0.8

vendor:ciscomodel:unified communications manager im and presence servicescope:eqversion:10.5(2)

Trust: 0.8

vendor:ciscomodel:unified contact center expressscope:eqversion:11.0(1)

Trust: 0.8

vendor:ciscomodel:unity connectionscope:eqversion:10.5(2)

Trust: 0.8

vendor:ciscomodel:unified communications manager im and presence servicescope:eqversion:10.5\\\(2\\\)

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:9.1\\\(2.10000.28\\\)

Trust: 0.6

vendor:ciscomodel:unity connectionscope:eqversion:10.5\\\(2\\\)

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\\\(2.10000.5\\\)

Trust: 0.6

vendor:ciscomodel:unified contact center expressscope:eqversion:11.0\\\(1\\\)

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:11.0\\\(1.10000.10\\\)

Trust: 0.6

vendor:ciscomodel:unified communications managerscope:eqversion:10.5\\\(2.12901.1\\\)

Trust: 0.6

sources: JVNDB: JVNDB-2016-001497 // CNNVD: CNNVD-201602-172 // NVD: CVE-2016-1319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1319
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1319
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-172
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90138
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90138
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1319
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90138 // JVNDB: JVNDB-2016-001497 // CNNVD: CNNVD-201602-172 // NVD: CVE-2016-1319

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-90138 // JVNDB: JVNDB-2016-001497 // NVD: CVE-2016-1319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-172

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-172

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001497

PATCH
title:cisco-sa-20160208-ucmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm
Trust: 0.8
title:Multiple Cisco Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60115
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001497 // 
            
            
            
            CNNVD: CNNVD-201602-172

EXTERNAL IDS
db:NVDid:CVE-2016-1319
Trust: 2.5
db:SECTRACKid:1034959
Trust: 1.1
db:SECTRACKid:1034958
Trust: 1.1
db:SECTRACKid:1034960
Trust: 1.1
db:JVNDBid:JVNDB-2016-001497
Trust: 0.8
db:CNNVDid:CNNVD-201602-172
Trust: 0.7
db:VULHUBid:VHN-90138
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90138 // 
            
            
            
            JVNDB: JVNDB-2016-001497 // 
            
            
            
            CNNVD: CNNVD-201602-172 // 
            
            
            
            NVD: CVE-2016-1319

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-ucm
Trust: 1.7
url:http://www.securitytracker.com/id/1034958
Trust: 1.1
url:http://www.securitytracker.com/id/1034959
Trust: 1.1
url:http://www.securitytracker.com/id/1034960
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1319
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1319
Trust: 0.8
sources:
            
            
            VULHUB: VHN-90138 // 
            
            
            
            JVNDB: JVNDB-2016-001497 // 
            
            
            
            CNNVD: CNNVD-201602-172 // 
            
            
            
            NVD: CVE-2016-1319

SOURCES
db:VULHUBid:VHN-90138
db:JVNDBid:JVNDB-2016-001497
db:CNNVDid:CNNVD-201602-172
db:NVDid:CVE-2016-1319

LAST UPDATE DATE
2024-11-23T22:22:47.230000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90138date:2016-12-06T00:00:00
db:JVNDBid:JVNDB-2016-001497date:2016-02-25T00:00:00
db:CNNVDid:CNNVD-201602-172date:2016-02-15T00:00:00
db:NVDid:CVE-2016-1319date:2024-11-21T02:46:10.783

SOURCES RELEASE DATE
db:VULHUBid:VHN-90138date:2016-02-09T00:00:00
db:JVNDBid:JVNDB-2016-001497date:2016-02-25T00:00:00
db:CNNVDid:CNNVD-201602-172date:2016-02-15T00:00:00
db:NVDid:CVE-2016-1319date:2016-02-09T03:59:03.320