Details of VAR-201606-0286

ID

VAR-201606-0286

CVE

CVE-2016-1437

TITLE

Cisco Prime Collaboration Deployment of SQL In the database SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003322

DESCRIPTION

SQL injection vulnerability in the SQL database in Cisco Prime Collaboration Deployment before 11.5.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy92549. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuy92549

Trust: 1.98

sources: NVD: CVE-2016-1437 // JVNDB: JVNDB-2016-003322 // BID: 91347 // VULHUB: VHN-90256

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration deployment	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration deployment	scope:	eq	version:	10.5.0	Trust: 1.6
vendor:	cisco	model:	prime collaboration deployment	scope:	eq	version:	11.0_base	Trust: 1.6
vendor:	cisco	model:	prime collaboration deployment	scope:	eq	version:	10.5.1	Trust: 1.6
vendor:	cisco	model:	prime collaboration deployment	scope:	lt	version:	11.5.1	Trust: 0.8

sources: JVNDB: JVNDB-2016-003322 // CNNVD: CNNVD-201606-489 // NVD: CVE-2016-1437

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1437
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1437
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201606-489
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90256
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1437
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90256
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1437
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90256 // JVNDB: JVNDB-2016-003322 // CNNVD: CNNVD-201606-489 // NVD: CVE-2016-1437

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-90256 // JVNDB: JVNDB-2016-003322 // NVD: CVE-2016-1437

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-489

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201606-489

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003322

PATCH

title:	cisco-sa-20160621-pcd	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160621-pcd	Trust: 0.8
title:	Cisco Prime Collaboration Deployment SQL Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62415	Trust: 0.6

sources: JVNDB: JVNDB-2016-003322 // CNNVD: CNNVD-201606-489

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1437	Trust: 2.8
db:	SECTRACK	id:	1036151	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-003322	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-489	Trust: 0.7
db:	BID	id:	91347	Trust: 0.4
db:	VULHUB	id:	VHN-90256	Trust: 0.1

sources: VULHUB: VHN-90256 // BID: 91347 // JVNDB: JVNDB-2016-003322 // CNNVD: CNNVD-201606-489 // NVD: CVE-2016-1437

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160621-pcd	Trust: 1.4
url:	http://www.securitytracker.com/id/1036151	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1437	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1437	Trust: 0.8
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160621-pcd/	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90256 // BID: 91347 // JVNDB: JVNDB-2016-003322 // CNNVD: CNNVD-201606-489 // NVD: CVE-2016-1437

CREDITS

Cisco

Trust: 0.3

sources: BID: 91347

SOURCES

db:	VULHUB	id:	VHN-90256
db:	BID	id:	91347
db:	JVNDB	id:	JVNDB-2016-003322
db:	CNNVD	id:	CNNVD-201606-489
db:	NVD	id:	CVE-2016-1437

LAST UPDATE DATE

2024-11-23T22:27:01.545000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90256	date:	2016-11-30T00:00:00
db:	BID	id:	91347	date:	2016-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-003322	date:	2016-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201606-489	date:	2016-06-23T00:00:00
db:	NVD	id:	CVE-2016-1437	date:	2024-11-21T02:46:26.523

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90256	date:	2016-06-23T00:00:00
db:	BID	id:	91347	date:	2016-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-003322	date:	2016-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201606-489	date:	2016-06-22T00:00:00
db:	NVD	id:	CVE-2016-1437	date:	2016-06-23T00:59:06.143