Sign-up

ID

VAR-201609-0323


CVE

CVE-2016-6413


TITLE

Cisco Application Policy Infrastructure Controller In the device installation procedure root Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2016-004897

DESCRIPTION

The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. Vendors have confirmed this vulnerability Bug ID CSCva50496 It is released as.By local users root Access rights may be obtained. A local attacker may exploit this issue to gain root privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCva50496. The vulnerability stems from the fact that the program does not properly handle binary files

Trust: 1.98

sources: NVD: CVE-2016-6413 // JVNDB: JVNDB-2016-004897 // BID: 93089 // VULHUB: VHN-95233

AFFECTED PRODUCTS

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.3\(2f\)

Trust: 1.6

vendor:ciscomodel:application policy infrastructure controller softwarescope:eqversion:1.3(2f)

Trust: 0.8

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:0

Trust: 0.3

sources: BID: 93089 // JVNDB: JVNDB-2016-004897 // CNNVD: CNNVD-201609-518 // NVD: CVE-2016-6413

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6413
value: HIGH

Trust: 1.0

NVD: CVE-2016-6413
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201609-518
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95233
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6413
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95233
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6413
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95233 // JVNDB: JVNDB-2016-004897 // CNNVD: CNNVD-201609-518 // NVD: CVE-2016-6413

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-95233 // JVNDB: JVNDB-2016-004897 // NVD: CVE-2016-6413

THREAT TYPE

local

Trust: 0.9

sources: BID: 93089 // CNNVD: CNNVD-201609-518

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201609-518

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004897

PATCH
title:cisco-sa-20160921-apicurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-apic
Trust: 0.8
title:Cisco Application Policy Infrastructure Controller Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64254
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-004897 // 
            
            
            
            CNNVD: CNNVD-201609-518

EXTERNAL IDS
db:NVDid:CVE-2016-6413
Trust: 2.8
db:SECTRACKid:1036872
Trust: 1.1
db:BIDid:93089
Trust: 0.9
db:JVNDBid:JVNDB-2016-004897
Trust: 0.8
db:CNNVDid:CNNVD-201609-518
Trust: 0.7
db:VULHUBid:VHN-95233
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95233 // 
            
            
            
            BID: 93089 // 
            
            
            
            JVNDB: JVNDB-2016-004897 // 
            
            
            
            CNNVD: CNNVD-201609-518 // 
            
            
            
            NVD: CVE-2016-6413

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-apic
Trust: 2.0
url:http://www.securitytracker.com/id/1036872
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6413
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6413
Trust: 0.8
url:http://www.securityfocus.com/bid/93089
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-95233 // 
            
            
            
            BID: 93089 // 
            
            
            
            JVNDB: JVNDB-2016-004897 // 
            
            
            
            CNNVD: CNNVD-201609-518 // 
            
            
            
            NVD: CVE-2016-6413

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 93089 // 
            
            
            
            CNNVD: CNNVD-201609-518

SOURCES
db:VULHUBid:VHN-95233
db:BIDid:93089
db:JVNDBid:JVNDB-2016-004897
db:CNNVDid:CNNVD-201609-518
db:NVDid:CVE-2016-6413

LAST UPDATE DATE
2024-11-23T23:05:34.924000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95233date:2017-07-30T00:00:00
db:BIDid:93089date:2016-09-23T00:00:00
db:JVNDBid:JVNDB-2016-004897date:2016-09-28T00:00:00
db:CNNVDid:CNNVD-201609-518date:2016-09-26T00:00:00
db:NVDid:CVE-2016-6413date:2024-11-21T02:56:04.973

SOURCES RELEASE DATE
db:VULHUBid:VHN-95233date:2016-09-24T00:00:00
db:BIDid:93089date:2016-09-21T00:00:00
db:JVNDBid:JVNDB-2016-004897date:2016-09-28T00:00:00
db:CNNVDid:CNNVD-201609-518date:2016-09-22T00:00:00
db:NVDid:CVE-2016-6413date:2016-09-24T01:59:06.120