ID

VAR-201605-0550


CVE

CVE-2016-1392


TITLE

Cisco Prime Collaboration Assurance Software open redirect vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-002465

DESCRIPTION

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121. The vendor has released this vulnerability as Bug ID CSCuu34121. Supplementary information: the vulnerability type has been identified as CWE-601: URL Redirection to Untrusted Site (Open Redirect). http://cwe.mitre.org/data/definitions/601.html A third party may redirect any user to a web site and conduct a phishing attack. An attacker can leverage this issue to conduct phishing attacks; other attacks are possible. Cisco Prime Collaboration Assurance is a solution that supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. The vulnerability is caused by the program not performing proper input validation on HTTP request parameters.

Trust: 1.98

sources: NVD: CVE-2016-1392 // JVNDB: JVNDB-2016-002465 // BID: 89841 // VULHUB: VHN-90211

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.5.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.5.1

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 11.0.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.6.0

Trust: 1.6

vendor: cisco, model: prime collaboration assurance, scope: eq, version: 10.5 to 11.0

Trust: 0.8

sources: JVNDB: JVNDB-2016-002465 // CNNVD: CNNVD-201605-031 // NVD: CVE-2016-1392

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1392
value: HIGH

Trust: 1.0

NVD: CVE-2016-1392
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-031
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90211
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1392
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90211
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1392
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90211 // JVNDB: JVNDB-2016-002465 // CNNVD: CNNVD-201605-031 // NVD: CVE-2016-1392

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-002465 // NVD: CVE-2016-1392

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-031

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201605-031

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002465

PATCH

title: cisco-sa-20160503-pca, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca

Trust: 0.8

title: Cisco Prime Collaboration Assurance Fixes for open redirect vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61356

Trust: 0.6

sources: JVNDB: JVNDB-2016-002465 // CNNVD: CNNVD-201605-031

EXTERNAL IDS

db: NVD, id: CVE-2016-1392

Trust: 2.8

db: SECTRACK, id: 1035736

Trust: 1.1

db: JVNDB, id: JVNDB-2016-002465

Trust: 0.8

db: CNNVD, id: CNNVD-201605-031

Trust: 0.7

db: BID, id: 89841

Trust: 0.3

db: VULHUB, id: VHN-90211

Trust: 0.1

sources: VULHUB: VHN-90211 // BID: 89841 // JVNDB: JVNDB-2016-002465 // CNNVD: CNNVD-201605-031 // NVD: CVE-2016-1392

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160503-pca

Trust: 2.0

url:http://www.securitytracker.com/id/1035736

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1392

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1392

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90211 // BID: 89841 // JVNDB: JVNDB-2016-002465 // CNNVD: CNNVD-201605-031 // NVD: CVE-2016-1392

CREDITS

Cisco

Trust: 0.3

sources: BID: 89841

SOURCES

db: VULHUB, id: VHN-90211
db: BID, id: 89841
db: JVNDB, id: JVNDB-2016-002465
db: CNNVD, id: CNNVD-201605-031
db: NVD, id: CVE-2016-1392

LAST UPDATE DATE

2024-11-23T22:18:15.862000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90211, date: 2016-12-01T00:00:00
db: BID, id: 89841, date: 2016-07-06T14:35:00
db: JVNDB, id: JVNDB-2016-002465, date: 2016-05-10T00:00:00
db: CNNVD, id: CNNVD-201605-031, date: 2016-05-04T00:00:00
db: NVD, id: CVE-2016-1392, date: 2024-11-21T02:46:21.460

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90211, date: 2016-05-05T00:00:00
db: BID, id: 89841, date: 2016-05-03T00:00:00
db: JVNDB, id: JVNDB-2016-002465, date: 2016-05-10T00:00:00
db: CNNVD, id: CNNVD-201605-031, date: 2016-05-04T00:00:00
db: NVD, id: CVE-2016-1392, date: 2016-05-05T21:59:05.800