ID

VAR-201609-0315


CVE

CVE-2016-6405


TITLE

Access restriction bypass vulnerability in Cisco Fog Director for IOx

Trust: 0.8

sources: JVNDB: JVNDB-2016-004796

DESCRIPTION

Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. Cisco Fog Director for IOx is an automated management platform based on IOx (an end-to-end application support system that provides application hosting capabilities) for centralized management of multiple applications running on the edge of the network. The platform controls application settings and lifecycles, and supports access and monitoring of large-scale IoT deployments. Successful exploitation may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz89368.

Trust: 3.06

sources: NVD: CVE-2016-6405 // JVNDB: JVNDB-2016-004796 // CNVD: CNVD-2016-07813 // CNNVD: CNNVD-201609-347 // BID: 92958 // VULHUB: VHN-95225

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-07813

AFFECTED PRODUCTS

vendor: cisco, model: fog director, scope: eq, version: 1.0\(0\)

Trust: 1.6

vendor: cisco, model: fog director, scope: eq, version: 1.0(0)

Trust: 1.4

vendor: cisco, model: fog director, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-07813 // BID: 92958 // JVNDB: JVNDB-2016-004796 // CNNVD: CNNVD-201609-347 // NVD: CVE-2016-6405

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-6405
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-6405
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-07813
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201609-347
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95225
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-6405
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-07813
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95225
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-6405
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-07813 // VULHUB: VHN-95225 // JVNDB: JVNDB-2016-004796 // CNNVD: CNNVD-201609-347 // NVD: CVE-2016-6405

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.9

sources: VULHUB: VHN-95225 // JVNDB: JVNDB-2016-004796 // NVD: CVE-2016-6405

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-347

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201609-347

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004796

PATCH

title: cisco-sa-20160914-ioxfd, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-ioxfd

Trust: 0.8

title: Patch for Cisco Fog Director for IOx Arbitrary File Writing Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/81550

Trust: 0.6

title: Cisco Fog Director for IOx Fixes for arbitrary file write vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64146

Trust: 0.6

sources: CNVD: CNVD-2016-07813 // JVNDB: JVNDB-2016-004796 // CNNVD: CNNVD-201609-347

EXTERNAL IDS

db: NVD, id: CVE-2016-6405

Trust: 3.4

db: BID, id: 92958

Trust: 2.0

db: JVNDB, id: JVNDB-2016-004796

Trust: 0.8

db: CNNVD, id: CNNVD-201609-347

Trust: 0.7

db: CNVD, id: CNVD-2016-07813

Trust: 0.6

db: VULHUB, id: VHN-95225

Trust: 0.1

sources: CNVD: CNVD-2016-07813 // VULHUB: VHN-95225 // BID: 92958 // JVNDB: JVNDB-2016-004796 // CNNVD: CNNVD-201609-347 // NVD: CVE-2016-6405

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160914-ioxfd

Trust: 2.0

url: http://www.securityfocus.com/bid/92958

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6405

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6405

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-07813 // VULHUB: VHN-95225 // BID: 92958 // JVNDB: JVNDB-2016-004796 // CNNVD: CNNVD-201609-347 // NVD: CVE-2016-6405

CREDITS

Cisco.

Trust: 0.3

sources: BID: 92958

SOURCES

db: CNVD, id: CNVD-2016-07813
db: VULHUB, id: VHN-95225
db: BID, id: 92958
db: JVNDB, id: JVNDB-2016-004796
db: CNNVD, id: CNNVD-201609-347
db: NVD, id: CVE-2016-6405

LAST UPDATE DATE

2024-11-23T22:07:47.317000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-07813, date: 2016-09-21T00:00:00
db: VULHUB, id: VHN-95225, date: 2016-11-28T00:00:00
db: BID, id: 92958, date: 2016-09-14T00:00:00
db: JVNDB, id: JVNDB-2016-004796, date: 2016-09-21T00:00:00
db: CNNVD, id: CNNVD-201609-347, date: 2016-09-19T00:00:00
db: NVD, id: CVE-2016-6405, date: 2024-11-21T02:56:04.060

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-07813, date: 2016-09-21T00:00:00
db: VULHUB, id: VHN-95225, date: 2016-09-18T00:00:00
db: BID, id: 92958, date: 2016-09-14T00:00:00
db: JVNDB, id: JVNDB-2016-004796, date: 2016-09-21T00:00:00
db: CNNVD, id: CNNVD-201609-347, date: 2016-09-19T00:00:00
db: NVD, id: CVE-2016-6405, date: 2016-09-18T22:59:14.813