Details of VAR-201604-0566

ID

VAR-201604-0566

CVE

CVE-2016-1346

TITLE

Cisco Mobility Services Engine 8710 Run on device TelePresence Server Service disruption in some kernels (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-001948

DESCRIPTION

The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. Cisco TelePresence Server is prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to trigger kernel panics, denying further service to legitimate users. This issue is being tracked by Cisco bug ID CSCuu46673

Trust: 1.98

sources: NVD: CVE-2016-1346 // JVNDB: JVNDB-2016-001948 // BID: 85891 // VULHUB: VHN-90165

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	zzinc	model:	keymouse	scope:	eq	version:	3.08	Trust: 1.0
vendor:	samsung	model:	x14j	scope:	eq	version:	t-ms14jakucb-1102.5	Trust: 1.0
vendor:	netgear	model:	jr6150	scope:	lt	version:	2017-01-06	Trust: 1.0
vendor:	zyxel	model:	gs1900-10hp	scope:	lt	version:	2.50\(aazi.0\)c0	Trust: 1.0
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0 to 4.2(4.18)	Trust: 0.8
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1\\\(1.95\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.0\\\(1.57\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0\\\(2.48\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1\\\(1.82\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1\\\(1.98\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0\\\(2.24\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	4.0\\\(2.8\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.1\\\(1.80\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0\\\(2.49\\\)	Trust: 0.6
vendor:	cisco	model:	telepresence server software	scope:	eq	version:	3.0\\\(2.46\\\)	Trust: 0.6

sources: JVNDB: JVNDB-2016-001948 // CNNVD: CNNVD-201604-049 // NVD: CVE-2016-1346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1346
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1346
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201604-049
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90165
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1346
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90165
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1346
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90165 // JVNDB: JVNDB-2016-001948 // CNNVD: CNNVD-201604-049 // NVD: CVE-2016-1346

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90165 // JVNDB: JVNDB-2016-001948 // NVD: CVE-2016-1346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-049

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201604-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001948

PATCH

title:	cisco-sa-20160406-cts	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts	Trust: 0.8
title:	Cisco Mobility Services Engine TelePresence Server Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60784	Trust: 0.6

sources: JVNDB: JVNDB-2016-001948 // CNNVD: CNNVD-201604-049

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1346	Trust: 2.8
db:	SECTRACK	id:	1035499	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001948	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-049	Trust: 0.7
db:	BID	id:	85891	Trust: 0.4
db:	VULHUB	id:	VHN-90165	Trust: 0.1

sources: VULHUB: VHN-90165 // BID: 85891 // JVNDB: JVNDB-2016-001948 // CNNVD: CNNVD-201604-049 // NVD: CVE-2016-1346

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-cts	Trust: 1.7
url:	http://www.securitytracker.com/id/1035499	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1346	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1346	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90165 // BID: 85891 // JVNDB: JVNDB-2016-001948 // CNNVD: CNNVD-201604-049 // NVD: CVE-2016-1346

CREDITS

Cisco

Trust: 0.3

sources: BID: 85891

SOURCES

db:	VULHUB	id:	VHN-90165
db:	BID	id:	85891
db:	JVNDB	id:	JVNDB-2016-001948
db:	CNNVD	id:	CNNVD-201604-049
db:	NVD	id:	CVE-2016-1346

LAST UPDATE DATE

2024-11-23T23:05:36.021000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90165	date:	2016-12-03T00:00:00
db:	BID	id:	85891	date:	2016-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-001948	date:	2016-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201604-049	date:	2016-04-07T00:00:00
db:	NVD	id:	CVE-2016-1346	date:	2024-11-21T02:46:13.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90165	date:	2016-04-06T00:00:00
db:	BID	id:	85891	date:	2016-04-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-001948	date:	2016-04-08T00:00:00
db:	CNNVD	id:	CNNVD-201604-049	date:	2016-04-07T00:00:00
db:	NVD	id:	CVE-2016-1346	date:	2016-04-06T23:59:13.740