ID
VAR-201608-0225
CVE
CVE-2016-6362
TITLE
plural Cisco Aironet Vulnerabilities that can be used to gain privileges in device software
Trust: 0.8
sources:
JVNDB: JVNDB-2016-004434
DESCRIPTION
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725. Cisco Aironet 1800 , 2800 ,and 3800 The device software contains a privileged vulnerability. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A local attacker could exploit this vulnerability to gain root privileges on the device. This issue is being tracked by Cisco Bug ID CSCuz24725. Cisco Aironet 1800 , 2800 and 3800 Both are American Cisco ( Cisco ) company's router. The following products are affected: using 8.2.110.0 Version, 8.2.121.0 previous 8.2.12x Version, 8.3.102.0 previous 8.3.x version software Cisco Aironet 1800 , 2800 and 3800 equipment
Trust: 2.61
sources:
NVD: CVE-2016-6362 //
JVNDB: JVNDB-2016-004434 //
CNVD: CNVD-2016-06441 //
BID: 92513 //
VULHUB: VHN-95182 //
VULMON: CVE-2016-6362
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2016-06441
AFFECTED PRODUCTS
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.2\(100.0\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(15.14\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(112.3\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.2\(102.43\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(131.0\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.1\(112.4\) | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.3.0 | Trust: 1.6 |
| vendor: | cisco | model: | aironet access point software | scope: | lt | version: | 8.3.x | Trust: 0.8 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.2.121.0 | Trust: 0.8 |
| vendor: | cisco | model: | aironet access point software | scope: | eq | version: | 8.3.102.0 | Trust: 0.8 |
| vendor: | cisco | model: | aironet access point software | scope: | lt | version: | 8.2.12x | Trust: 0.8 |
| vendor: | cisco | model: | aironet series access point | scope: | eq | version: | 3800 | Trust: 0.6 |
| vendor: | cisco | model: | aironet series access point | scope: | eq | version: | 2800 | Trust: 0.6 |
| vendor: | cisco | model: | aironet series access point | scope: | eq | version: | 1800 | Trust: 0.6 |
| vendor: | cisco | model: | aironet series access points | scope: | eq | version: | 38000 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | eq | version: | 28000 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | eq | version: | 18000 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 38008.3.102.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 38008.2.121.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 28008.3.102.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 28008.2.121.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 18008.3.102.0 | Trust: 0.3 |
| vendor: | cisco | model: | aironet series access points | scope: | ne | version: | 18008.2.121.0 | Trust: 0.3 |
sources:
CNVD: CNVD-2016-06441 //
BID: 92513 //
JVNDB: JVNDB-2016-004434 //
CNNVD: CNNVD-201608-331 //
NVD: CVE-2016-6362
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2016-06441 //
VULHUB: VHN-95182 //
VULMON: CVE-2016-6362 //
JVNDB: JVNDB-2016-004434 //
CNNVD: CNNVD-201608-331 //
NVD: CVE-2016-6362
PROBLEMTYPE DATA
| problemtype: | CWE-264 | Trust: 1.9 |
sources:
VULHUB: VHN-95182 //
JVNDB: JVNDB-2016-004434 //
NVD: CVE-2016-6362
THREAT TYPE
local
Trust: 0.9
sources:
BID: 92513 //
CNNVD: CNNVD-201608-331
TYPE
permissions and access control
Trust: 0.6
sources:
CNNVD: CNNVD-201608-331
CONFIGURATIONS
sources:
JVNDB: JVNDB-2016-004434
PATCH
| title: | cisco-sa-20160817-aap1 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1 | Trust: 0.8 |
| title: | Patch for CiscoAironetAccessPoints Platform Empowerment Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/80563 | Trust: 0.6 |
| title: | Cisco Aironet 1800 , 2800 and 3800 Repair measures for platform escalation vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63697 | Trust: 0.6 |
| title: | Cisco: Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation Vulnerability | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160817-aap1 | Trust: 0.1 |
sources:
CNVD: CNVD-2016-06441 //
VULMON: CVE-2016-6362 //
JVNDB: JVNDB-2016-004434 //
CNNVD: CNNVD-201608-331
EXTERNAL IDS
| db: | NVD | id: | CVE-2016-6362 | Trust: 3.5 |
| db: | BID | id: | 92513 | Trust: 2.7 |
| db: | SECTRACK | id: | 1036644 | Trust: 1.2 |
| db: | JVNDB | id: | JVNDB-2016-004434 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201608-331 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2016-06441 | Trust: 0.6 |
| db: | NSFOCUS | id: | 34594 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-95182 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2016-6362 | Trust: 0.1 |
sources:
CNVD: CNVD-2016-06441 //
VULHUB: VHN-95182 //
VULMON: CVE-2016-6362 //
BID: 92513 //
JVNDB: JVNDB-2016-004434 //
CNNVD: CNNVD-201608-331 //
NVD: CVE-2016-6362
REFERENCES
| url: | http://www.securityfocus.com/bid/92513 | Trust: 2.4 |
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-aap1 | Trust: 2.2 |
| url: | http://www.securitytracker.com/id/1036644 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6362 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6362 | Trust: 0.8 |
| url: | http://www.nsfocus.net/vulndb/34594 | Trust: 0.6 |
| url: | http://www.cisco.com | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/264.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2016-06441 //
VULHUB: VHN-95182 //
VULMON: CVE-2016-6362 //
BID: 92513 //
JVNDB: JVNDB-2016-004434 //
CNNVD: CNNVD-201608-331 //
NVD: CVE-2016-6362
CREDITS
Cisco
Trust: 0.9
sources:
BID: 92513 //
CNNVD: CNNVD-201608-331
SOURCES
| db: | CNVD | id: | CNVD-2016-06441 |
| db: | VULHUB | id: | VHN-95182 |
| db: | VULMON | id: | CVE-2016-6362 |
| db: | BID | id: | 92513 |
| db: | JVNDB | id: | JVNDB-2016-004434 |
| db: | CNNVD | id: | CNNVD-201608-331 |
| db: | NVD | id: | CVE-2016-6362 |
LAST UPDATE DATE
2024-11-23T22:38:43.770000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2016-06441 | date: | 2016-08-19T00:00:00 |
| db: | VULHUB | id: | VHN-95182 | date: | 2016-12-12T00:00:00 |
| db: | VULMON | id: | CVE-2016-6362 | date: | 2016-12-12T00:00:00 |
| db: | BID | id: | 92513 | date: | 2016-08-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004434 | date: | 2016-08-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-331 | date: | 2016-08-23T00:00:00 |
| db: | NVD | id: | CVE-2016-6362 | date: | 2024-11-21T02:55:58.890 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2016-06441 | date: | 2016-08-22T00:00:00 |
| db: | VULHUB | id: | VHN-95182 | date: | 2016-08-22T00:00:00 |
| db: | VULMON | id: | CVE-2016-6362 | date: | 2016-08-22T00:00:00 |
| db: | BID | id: | 92513 | date: | 2016-08-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2016-004434 | date: | 2016-08-23T00:00:00 |
| db: | CNNVD | id: | CNNVD-201608-331 | date: | 2016-08-18T00:00:00 |
| db: | NVD | id: | CVE-2016-6362 | date: | 2016-08-22T10:59:11.120 |