Details of VAR-201609-0312

ID

VAR-201609-0312

CVE

CVE-2016-6402

TITLE

Cisco Unified Computing System of UCS Manager and UCS 6200 Fabric Interconnects In OS of root Vulnerability gained access

Trust: 0.8

sources: JVNDB: JVNDB-2016-004790

DESCRIPTION

UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. Cisco Unified Computing System is prone to a local privilege-escalation because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary commands with root level privileges. This issue is being tracked by Cisco Bug ID CSCuz91263. Cisco Unified Computing System (UCS) is a unified computing system of Cisco (Cisco). The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. UCS Manager is one of the embedded device management software. UCS 6200 Fabric Interconnects is one of the interconnection devices

Trust: 1.98

sources: NVD: CVE-2016-6402 // JVNDB: JVNDB-2016-004790 // BID: 92956 // VULHUB: VHN-95222

AFFECTED PRODUCTS

vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1e\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1b\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1d\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2c\)a	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1h\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1f\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2_base	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1g\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(1c\)	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(5b\)a	Trust: 1.6
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(4b\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(1c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(1d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(2d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3g\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(2c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(1e\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(5a\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3f\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	3.0\(2d\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(4c\)	Trust: 1.0
vendor:	cisco	model:	unified computing system	scope:	eq	version:	2.2\(3b\)	Trust: 1.0
vendor:	cisco	model:	unified computing system software	scope:	lte	version:	3.0(2d)	Trust: 0.8
vendor:	cisco	model:	unified computing system fabric interconnects	scope:	eq	version:	6200	Trust: 0.3
vendor:	cisco	model:	unified computing system	scope:	eq	version:	0	Trust: 0.3

sources: BID: 92956 // JVNDB: JVNDB-2016-004790 // CNNVD: CNNVD-201609-344 // NVD: CVE-2016-6402

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6402
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6402
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201609-344
value:	HIGH
Trust: 0.6
VULHUB:	VHN-95222
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6402
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95222
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6402
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95222 // JVNDB: JVNDB-2016-004790 // CNNVD: CNNVD-201609-344 // NVD: CVE-2016-6402

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-95222 // JVNDB: JVNDB-2016-004790 // NVD: CVE-2016-6402

THREAT TYPE

local

Trust: 0.9

sources: BID: 92956 // CNNVD: CNNVD-201609-344

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201609-344

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004790

PATCH

title:	cisco-sa-20160914-ucs	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ucs	Trust: 0.8
title:	Cisco UCS Manager and UCS 6200 Fabric Interconnects Repair measures for privilege escalation	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64143	Trust: 0.6

sources: JVNDB: JVNDB-2016-004790 // CNNVD: CNNVD-201609-344

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6402	Trust: 2.8
db:	BID	id:	92956	Trust: 1.4
db:	SECTRACK	id:	1036831	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004790	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-344	Trust: 0.7
db:	VULHUB	id:	VHN-95222	Trust: 0.1

sources: VULHUB: VHN-95222 // BID: 92956 // JVNDB: JVNDB-2016-004790 // CNNVD: CNNVD-201609-344 // NVD: CVE-2016-6402

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160914-ucs	Trust: 2.0
url:	http://www.securityfocus.com/bid/92956	Trust: 1.1
url:	http://www.securitytracker.com/id/1036831	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6402	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6402	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-95222 // BID: 92956 // JVNDB: JVNDB-2016-004790 // CNNVD: CNNVD-201609-344 // NVD: CVE-2016-6402

CREDITS

Cisco

Trust: 0.3

sources: BID: 92956

SOURCES

db:	VULHUB	id:	VHN-95222
db:	BID	id:	92956
db:	JVNDB	id:	JVNDB-2016-004790
db:	CNNVD	id:	CNNVD-201609-344
db:	NVD	id:	CVE-2016-6402

LAST UPDATE DATE

2024-11-23T22:01:24.234000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95222	date:	2017-07-30T00:00:00
db:	BID	id:	92956	date:	2016-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-004790	date:	2016-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201609-344	date:	2016-09-19T00:00:00
db:	NVD	id:	CVE-2016-6402	date:	2024-11-21T02:56:03.720

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95222	date:	2016-09-18T00:00:00
db:	BID	id:	92956	date:	2016-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-004790	date:	2016-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201609-344	date:	2016-09-19T00:00:00
db:	NVD	id:	CVE-2016-6402	date:	2016-09-18T22:59:11.550