Details of VAR-201609-0389

ID

VAR-201609-0389

CVE

CVE-2016-1482

TITLE

Cisco WebEx Meetings Server Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2016-004792

DESCRIPTION

Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130. This issue is being tracked by Cisco bug ID CSCuy83130. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution. A security vulnerability exists in CWMS version 2.6

Trust: 2.07

sources: NVD: CVE-2016-1482 // JVNDB: JVNDB-2016-004792 // BID: 92959 // VULHUB: VHN-90301 // VULMON: CVE-2016-1482

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6.0	Trust: 1.6
vendor:	cisco	model:	webex meetings server	scope:	eq	version:	2.6	Trust: 1.1
vendor:	cisco	model:	webex meetings server	scope:	ne	version:	2.7	Trust: 0.3

sources: BID: 92959 // JVNDB: JVNDB-2016-004792 // CNNVD: CNNVD-201609-327 // NVD: CVE-2016-1482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1482
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1482
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201609-327
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-90301
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-1482
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1482
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-90301
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1482
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90301 // VULMON: CVE-2016-1482 // JVNDB: JVNDB-2016-004792 // CNNVD: CNNVD-201609-327 // NVD: CVE-2016-1482

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-90301 // JVNDB: JVNDB-2016-004792 // NVD: CVE-2016-1482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-327

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201609-327

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004792

PATCH

title:	cisco-sa-20160914-wem	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem	Trust: 0.8
title:	Cisco WebEx Meetings Server Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64121	Trust: 0.6
title:	Cisco: Cisco WebEx Meetings Server Remote Command Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160914-wem	Trust: 0.1
title:	The Register	url:	https://www.theregister.co.uk/2016/09/16/cisco_webex_patch/	Trust: 0.1

sources: VULMON: CVE-2016-1482 // JVNDB: JVNDB-2016-004792 // CNNVD: CNNVD-201609-327

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1482	Trust: 2.9
db:	BID	id:	92959	Trust: 1.5
db:	SECTRACK	id:	1036809	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-004792	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-327	Trust: 0.7
db:	VULHUB	id:	VHN-90301	Trust: 0.1
db:	VULMON	id:	CVE-2016-1482	Trust: 0.1

sources: VULHUB: VHN-90301 // VULMON: CVE-2016-1482 // BID: 92959 // JVNDB: JVNDB-2016-004792 // CNNVD: CNNVD-201609-327 // NVD: CVE-2016-1482

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160914-wem	Trust: 2.2
url:	http://www.securityfocus.com/bid/92959	Trust: 1.2
url:	http://www.securitytracker.com/id/1036809	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1482	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1482	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-90301 // VULMON: CVE-2016-1482 // BID: 92959 // JVNDB: JVNDB-2016-004792 // CNNVD: CNNVD-201609-327 // NVD: CVE-2016-1482

CREDITS

Cisco

Trust: 0.3

sources: BID: 92959

SOURCES

db:	VULHUB	id:	VHN-90301
db:	VULMON	id:	CVE-2016-1482
db:	BID	id:	92959
db:	JVNDB	id:	JVNDB-2016-004792
db:	CNNVD	id:	CNNVD-201609-327
db:	NVD	id:	CVE-2016-1482

LAST UPDATE DATE

2024-11-23T22:42:20.198000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90301	date:	2017-07-30T00:00:00
db:	VULMON	id:	CVE-2016-1482	date:	2017-07-30T00:00:00
db:	BID	id:	92959	date:	2016-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-004792	date:	2016-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201609-327	date:	2016-09-18T00:00:00
db:	NVD	id:	CVE-2016-1482	date:	2024-11-21T02:46:31.470

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90301	date:	2016-09-17T00:00:00
db:	VULMON	id:	CVE-2016-1482	date:	2016-09-17T00:00:00
db:	BID	id:	92959	date:	2016-09-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-004792	date:	2016-09-21T00:00:00
db:	CNNVD	id:	CNNVD-201609-327	date:	2016-09-18T00:00:00
db:	NVD	id:	CVE-2016-1482	date:	2016-09-17T21:59:00.167