ID

VAR-201603-0287


CVE

CVE-2016-1358


TITLE

Cisco Prime Infrastructure vulnerable to arbitrary file read

Trust: 0.8

sources: JVNDB: JVNDB-2016-001785

DESCRIPTION

Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497. Cisco Prime Infrastructure contains a vulnerability that allows arbitrary files to be read or a denial-of-service (DoS) condition to be caused. The vendor has confirmed this vulnerability and released it as Bug ID CSCuw81497. Cisco Prime Infrastructure (PI) is a set of Cisco wireless management solutions based on Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technology. A security vulnerability exists in Cisco PI. The following releases are affected: Cisco PI Release 2.2, Release 3.0, Release 3.1(0.0).

Trust: 1.71

sources: NVD: CVE-2016-1358 // JVNDB: JVNDB-2016-001785 // VULHUB: VHN-90177

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 2.2

Trust: 1.8

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.0

Trust: 1.8

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1

Trust: 1.0

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1(0.0)

Trust: 0.8

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.0.0

Trust: 0.6

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.1.0

Trust: 0.6

vendor: cisco, model: prime infrastructure, scope: eq, version: 2.2.0

Trust: 0.6

sources: JVNDB: JVNDB-2016-001785 // CNNVD: CNNVD-201603-027 // NVD: CVE-2016-1358

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1358
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1358
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201603-027
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90177
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1358
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90177
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1358
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90177 // JVNDB: JVNDB-2016-001785 // CNNVD: CNNVD-201603-027 // NVD: CVE-2016-1358

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-90177 // JVNDB: JVNDB-2016-001785 // NVD: CVE-2016-1358

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-027

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201603-027

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001785

PATCH

title: cisco-sa-20160302-cpi, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-cpi

Trust: 0.8

sources: JVNDB: JVNDB-2016-001785

EXTERNAL IDS

db: NVD, id: CVE-2016-1358

Trust: 2.5

db: SECTRACK, id: 1035181

Trust: 1.7

db: JVNDB, id: JVNDB-2016-001785

Trust: 0.8

db: CNNVD, id: CNNVD-201603-027

Trust: 0.7

db: BID, id: 84110

Trust: 0.1

db: VULHUB, id: VHN-90177

Trust: 0.1

sources: VULHUB: VHN-90177 // JVNDB: JVNDB-2016-001785 // CNNVD: CNNVD-201603-027 // NVD: CVE-2016-1358

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-cpi

Trust: 1.7

url: http://www.securitytracker.com/id/1035181

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1358

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1358

Trust: 0.8

Trust: 0.8

sources: VULHUB: VHN-90177 // JVNDB: JVNDB-2016-001785 // CNNVD: CNNVD-201603-027 // NVD: CVE-2016-1358

SOURCES

db: VULHUB, id: VHN-90177
db: JVNDB, id: JVNDB-2016-001785
db: CNNVD, id: CNNVD-201603-027
db: NVD, id: CVE-2016-1358

LAST UPDATE DATE

2024-11-23T22:31:00.230000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90177, date: 2019-07-29T00:00:00
db: JVNDB, id: JVNDB-2016-001785, date: 2016-03-18T00:00:00
db: CNNVD, id: CNNVD-201603-027, date: 2019-07-30T00:00:00
db: NVD, id: CVE-2016-1358, date: 2024-11-21T02:46:15.053

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90177, date: 2016-03-03T00:00:00
db: JVNDB, id: JVNDB-2016-001785, date: 2016-03-18T00:00:00
db: CNNVD, id: CNNVD-201603-027, date: 2016-03-04T00:00:00
db: NVD, id: CVE-2016-1358, date: 2016-03-03T22:59:15.037