Details of VAR-201607-0433

ID

VAR-201607-0433

CVE

CVE-2016-1452

TITLE

Cisco ASR 5000 Series Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-05061 // CNNVD: CNNVD-201607-422

DESCRIPTION

Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. Cisco ASR 5000 Device software includes SNMP There are vulnerabilities whose settings can be changed via. Vendors have confirmed this vulnerability Bug ID CSCuz29526 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlLead by a third party - Light (read-write) By using community information, SNMP Settings may be changed via. The Cisco ASR5000 is the ASR5000 series of multi-function router products from Cisco. An information disclosure vulnerability exists in CiscoASR5000deviceswithsoftware18.3 to 20.0.0. A remote attacker can exploit this vulnerability to change configuration information. Cisco ASR 5000 Series is prone to an information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks

Trust: 2.52

sources: NVD: CVE-2016-1452 // JVNDB: JVNDB-2016-003784 // CNVD: CNVD-2016-05061 // BID: 91756 // VULHUB: VHN-90271

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-05061

AFFECTED PRODUCTS

vendor:	cisco	model:	asr 5000	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.1.0.61559	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	20.0.0	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	18.3_base	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.0.m0.61045	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.1.0	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.2.0	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.0.m0.60828	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.0.m0.60737	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.0.1	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	18.3.0	Trust: 1.0
vendor:	cisco	model:	asr 5000 software	scope:	eq	version:	19.3.0	Trust: 1.0
vendor:	cisco	model:	asr 5000 series software	scope:	lte	version:	18.3 from 20.0.0	Trust: 0.8
vendor:	cisco	model:	asr 5000 router	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	asr series	scope:	eq	version:	5000	Trust: 0.6
vendor:	cisco	model:	asr series	scope:	eq	version:	500020.0	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500019.3	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500019.2	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500019.1	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	eq	version:	500019.0	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500020.1	Trust: 0.3
vendor:	cisco	model:	asr series	scope:	ne	version:	500019.4	Trust: 0.3

sources: CNVD: CNVD-2016-05061 // BID: 91756 // JVNDB: JVNDB-2016-003784 // CNNVD: CNNVD-201607-422 // NVD: CVE-2016-1452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1452
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1452
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-05061
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201607-422
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90271
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1452
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-05061
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90271
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1452
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.5
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-05061 // VULHUB: VHN-90271 // JVNDB: JVNDB-2016-003784 // CNNVD: CNNVD-201607-422 // NVD: CVE-2016-1452

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-254	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-90271 // JVNDB: JVNDB-2016-003784 // NVD: CVE-2016-1452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-422

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201607-422

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003784

PATCH

title:	cisco-sa-20160713-asr	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr	Trust: 0.8
title:	Patch for the Cisco ASR5000 Series Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/79337	Trust: 0.6
title:	Cisco ASR 5000 Series Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62965	Trust: 0.6

sources: CNVD: CNVD-2016-05061 // JVNDB: JVNDB-2016-003784 // CNNVD: CNNVD-201607-422

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1452	Trust: 3.4
db:	BID	id:	91756	Trust: 2.6
db:	SECTRACK	id:	1036298	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-003784	Trust: 0.8
db:	CNNVD	id:	CNNVD-201607-422	Trust: 0.7
db:	CNVD	id:	CNVD-2016-05061	Trust: 0.6
db:	VULHUB	id:	VHN-90271	Trust: 0.1

sources: CNVD: CNVD-2016-05061 // VULHUB: VHN-90271 // BID: 91756 // JVNDB: JVNDB-2016-003784 // CNNVD: CNNVD-201607-422 // NVD: CVE-2016-1452

REFERENCES

url:	http://www.securityfocus.com/bid/91756	Trust: 2.3
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160713-asr	Trust: 2.0
url:	http://www.securitytracker.com/id/1036298	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1452	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1452	Trust: 0.8
url:	http://www.cisco.com/en/us/products/ps11072/	Trust: 0.3
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-05061 // VULHUB: VHN-90271 // BID: 91756 // JVNDB: JVNDB-2016-003784 // CNNVD: CNNVD-201607-422 // NVD: CVE-2016-1452

CREDITS

Cisco

Trust: 0.9

sources: BID: 91756 // CNNVD: CNNVD-201607-422

SOURCES

db:	CNVD	id:	CNVD-2016-05061
db:	VULHUB	id:	VHN-90271
db:	BID	id:	91756
db:	JVNDB	id:	JVNDB-2016-003784
db:	CNNVD	id:	CNNVD-201607-422
db:	NVD	id:	CVE-2016-1452

LAST UPDATE DATE

2024-11-23T23:02:33.935000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05061	date:	2016-07-21T00:00:00
db:	VULHUB	id:	VHN-90271	date:	2017-09-01T00:00:00
db:	BID	id:	91756	date:	2016-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-003784	date:	2016-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201607-422	date:	2016-07-18T00:00:00
db:	NVD	id:	CVE-2016-1452	date:	2024-11-21T02:46:28.180

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-05061	date:	2016-07-21T00:00:00
db:	VULHUB	id:	VHN-90271	date:	2016-07-15T00:00:00
db:	BID	id:	91756	date:	2016-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2016-003784	date:	2016-07-21T00:00:00
db:	CNNVD	id:	CNNVD-201607-422	date:	2016-07-15T00:00:00
db:	NVD	id:	CVE-2016-1452	date:	2016-07-15T16:59:06.207