ID

VAR-201606-0283


CVE

CVE-2016-1434


TITLE

Cisco IP Phone 8800 Series Directory Traversal Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-04235 // CNNVD: CNNVD-201606-478

DESCRIPTION

The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. The Cisco IP Phone 8800 Series is an 8000 series IP telephony product from Cisco. The product provides voice and video capabilities. This issue is being tracked by Cisco Bug ID CSCuz03010.

Trust: 2.52

sources: NVD: CVE-2016-1434 // JVNDB: JVNDB-2016-003319 // CNVD: CNVD-2016-04235 // BID: 91320 // VULHUB: VHN-90253

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04235

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0\(1\)

Trust: 1.0

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0(1)

Trust: 0.8

vendor: cisco, model: ip phones, scope: eq, version: 880011.0(1)

Trust: 0.6

vendor: cisco, model: ip phone 8800, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2016-04235 // JVNDB: JVNDB-2016-003319 // CNNVD: CNNVD-201606-478 // NVD: CVE-2016-1434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1434
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1434
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-04235
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-478
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90253
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1434
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-04235
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90253
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1434
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-04235 // VULHUB: VHN-90253 // JVNDB: JVNDB-2016-003319 // CNNVD: CNNVD-201606-478 // NVD: CVE-2016-1434

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-90253 // JVNDB: JVNDB-2016-003319 // NVD: CVE-2016-1434

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-478

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201606-478

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003319

PATCH

title: cisco-sa-20160620-ip-phone, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone

Trust: 0.8

title: CiscoIPPhone8800Series Directory Traversal Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/78007

Trust: 0.6

title: Cisco IP Phone 8800 Series Fixes for directory traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62404

Trust: 0.6

sources: CNVD: CNVD-2016-04235 // JVNDB: JVNDB-2016-003319 // CNNVD: CNNVD-201606-478

EXTERNAL IDS

db: NVD, id: CVE-2016-1434

Trust: 3.4

db: SECTRACK, id: 1036139

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003319

Trust: 0.8

db: CNNVD, id: CNNVD-201606-478

Trust: 0.7

db: CNVD, id: CNVD-2016-04235

Trust: 0.6

db: AUSCERT, id: ESB-2016.1563

Trust: 0.6

db: BID, id: 91320

Trust: 0.3

db: VULHUB, id: VHN-90253

Trust: 0.1

sources: CNVD: CNVD-2016-04235 // VULHUB: VHN-90253 // BID: 91320 // JVNDB: JVNDB-2016-003319 // CNNVD: CNNVD-201606-478 // NVD: CVE-2016-1434

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160620-ip-phone/

Trust: 1.2

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160620-ip-phone

Trust: 1.1

url:http://www.securitytracker.com/id/1036139

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1434

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1434

Trust: 0.8

url:http://www.auscert.org.au/./render.html?it=36054

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-04235 // VULHUB: VHN-90253 // BID: 91320 // JVNDB: JVNDB-2016-003319 // CNNVD: CNNVD-201606-478 // NVD: CVE-2016-1434

CREDITS

Cisco

Trust: 0.3

sources: BID: 91320

SOURCES

db: CNVD, id: CNVD-2016-04235
db: VULHUB, id: VHN-90253
db: BID, id: 91320
db: JVNDB, id: JVNDB-2016-003319
db: CNNVD, id: CNNVD-201606-478
db: NVD, id: CVE-2016-1434

LAST UPDATE DATE

2024-11-23T22:07:49.239000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-04235, date: 2016-06-23T00:00:00
db: VULHUB, id: VHN-90253, date: 2016-11-30T00:00:00
db: BID, id: 91320, date: 2016-07-06T15:01:00
db: JVNDB, id: JVNDB-2016-003319, date: 2016-06-24T00:00:00
db: CNNVD, id: CNNVD-201606-478, date: 2016-06-23T00:00:00
db: NVD, id: CVE-2016-1434, date: 2024-11-21T02:46:26.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-04235, date: 2016-06-23T00:00:00
db: VULHUB, id: VHN-90253, date: 2016-06-23T00:00:00
db: BID, id: 91320, date: 2016-06-20T00:00:00
db: JVNDB, id: JVNDB-2016-003319, date: 2016-06-24T00:00:00
db: CNNVD, id: CNNVD-201606-478, date: 2016-06-21T00:00:00
db: NVD, id: CVE-2016-1434, date: 2016-06-23T00:59:03.190