ID

VAR-201607-0418


CVE

CVE-2016-1416


TITLE

Vulnerability in Cisco Prime Collaboration Provisioning that allows administrator privileges to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-003419

DESCRIPTION

Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv37513. A third party could gain administrative privileges through a crafted login attempt. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCuv37513. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.

Trust: 1.98

sources: NVD: CVE-2016-1416 // JVNDB: JVNDB-2016-003419 // BID: 91505 // VULHUB: VHN-90235

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6.2

Trust: 1.6

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6 sp2 (10.6.0.10602)

Trust: 0.8

sources: JVNDB: JVNDB-2016-003419 // CNNVD: CNNVD-201606-652 // NVD: CVE-2016-1416

CVSS

SEVERITY
nvd@nist.gov: CVE-2016-1416
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1416
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201606-652
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90235
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1416
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90235
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1416
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90235 // JVNDB: JVNDB-2016-003419 // CNNVD: CNNVD-201606-652 // NVD: CVE-2016-1416

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90235 // JVNDB: JVNDB-2016-003419 // NVD: CVE-2016-1416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-652

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201606-652

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003419

PATCH

title: cisco-sa-20160629-cpcpauthbypass, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-cpcpauthbypass

Trust: 0.8

title: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62561

Trust: 0.6

sources: JVNDB: JVNDB-2016-003419 // CNNVD: CNNVD-201606-652

EXTERNAL IDS

db: NVD, id: CVE-2016-1416

Trust: 2.8

db: BID, id: 91505

Trust: 1.4

db: SECTRACK, id: 1036212

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003419

Trust: 0.8

db: CNNVD, id: CNNVD-201606-652

Trust: 0.7

db: VULHUB, id: VHN-90235

Trust: 0.1

sources: VULHUB: VHN-90235 // BID: 91505 // JVNDB: JVNDB-2016-003419 // CNNVD: CNNVD-201606-652 // NVD: CVE-2016-1416

REFERENCES

url:http://www.securityfocus.com/bid/91505

Trust: 1.1

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-cpcpauthbypass

Trust: 1.1

url:http://www.securitytracker.com/id/1036212

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1416

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1416

Trust: 0.8

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-cpcpauthbypass/

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90235 // BID: 91505 // JVNDB: JVNDB-2016-003419 // CNNVD: CNNVD-201606-652 // NVD: CVE-2016-1416

CREDITS

This vulnerability was found during the resolution of a support case.

Trust: 0.6

sources: CNNVD: CNNVD-201606-652

SOURCES

db: VULHUB, id: VHN-90235
db: BID, id: 91505
db: JVNDB, id: JVNDB-2016-003419
db: CNNVD, id: CNNVD-201606-652
db: NVD, id: CVE-2016-1416

LAST UPDATE DATE

2024-11-23T23:09:12.018000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90235, date: 2017-09-01T00:00:00
db: BID, id: 91505, date: 2016-06-29T00:00:00
db: JVNDB, id: JVNDB-2016-003419, date: 2016-07-06T00:00:00
db: CNNVD, id: CNNVD-201606-652, date: 2016-07-04T00:00:00
db: NVD, id: CVE-2016-1416, date: 2024-11-21T02:46:24.317

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90235, date: 2016-07-02T00:00:00
db: BID, id: 91505, date: 2016-06-29T00:00:00
db: JVNDB, id: JVNDB-2016-003419, date: 2016-07-06T00:00:00
db: CNNVD, id: CNNVD-201606-652, date: 2016-06-30T00:00:00
db: NVD, id: CVE-2016-1416, date: 2016-07-02T14:59:08.367