Sign-up

ID

VAR-201610-0279


CVE

CVE-2016-6428


TITLE

Cisco IOS XR In root Any at authority OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005140

DESCRIPTION

Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. This issue is being tracked by Cisco Bug ID CSCva38349

Trust: 2.52

sources: NVD: CVE-2016-6428 // JVNDB: JVNDB-2016-005140 // CNVD: CNVD-2016-09469 // BID: 93416 // VULHUB: VHN-95248

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-09469

AFFECTED PRODUCTS

vendor:ciscomodel:ios xrscope:eqversion:6.1.1

Trust: 3.0

vendor:ciscomodel:ios xrscope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2016-09469 // BID: 93416 // JVNDB: JVNDB-2016-005140 // CNNVD: CNNVD-201610-077 // NVD: CVE-2016-6428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6428
value: HIGH

Trust: 1.0

NVD: CVE-2016-6428
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-09469
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201610-077
value: HIGH

Trust: 0.6

VULHUB: VHN-95248
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6428
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-09469
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-95248
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6428
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-09469 // VULHUB: VHN-95248 // JVNDB: JVNDB-2016-005140 // CNNVD: CNNVD-201610-077 // NVD: CVE-2016-6428

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-95248 // JVNDB: JVNDB-2016-005140 // NVD: CVE-2016-6428

THREAT TYPE

local

Trust: 0.9

sources: BID: 93416 // CNNVD: CNNVD-201610-077

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201610-077

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005140

PATCH
title:cisco-sa-20161005-iosxrurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-iosxr
Trust: 0.8
title:Patch for Cisco IOSXR Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/82548
Trust: 0.6
title:Cisco IOS XR Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64505
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-09469 // 
            
            
            
            JVNDB: JVNDB-2016-005140 // 
            
            
            
            CNNVD: CNNVD-201610-077

EXTERNAL IDS
db:NVDid:CVE-2016-6428
Trust: 3.4
db:SECTRACKid:1036956
Trust: 1.7
db:BIDid:93416
Trust: 1.4
db:JVNDBid:JVNDB-2016-005140
Trust: 0.8
db:CNNVDid:CNNVD-201610-077
Trust: 0.7
db:CNVDid:CNVD-2016-09469
Trust: 0.6
db:VULHUBid:VHN-95248
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-09469 // 
            
            
            
            VULHUB: VHN-95248 // 
            
            
            
            BID: 93416 // 
            
            
            
            JVNDB: JVNDB-2016-005140 // 
            
            
            
            CNNVD: CNNVD-201610-077 // 
            
            
            
            NVD: CVE-2016-6428

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-iosxr
Trust: 2.6
url:http://www.securityfocus.com/bid/93416
Trust: 1.1
url:http://www.securitytracker.com/id/1036956
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6428
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6428
Trust: 0.8
url:http://securitytracker.com/id/1036956
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-09469 // 
            
            
            
            VULHUB: VHN-95248 // 
            
            
            
            BID: 93416 // 
            
            
            
            JVNDB: JVNDB-2016-005140 // 
            
            
            
            CNNVD: CNNVD-201610-077 // 
            
            
            
            NVD: CVE-2016-6428

CREDITS
Cisco.
Trust: 0.3
sources:
            
            
            BID: 93416

SOURCES
db:CNVDid:CNVD-2016-09469
db:VULHUBid:VHN-95248
db:BIDid:93416
db:JVNDBid:JVNDB-2016-005140
db:CNNVDid:CNNVD-201610-077
db:NVDid:CVE-2016-6428

LAST UPDATE DATE
2024-11-23T22:38:43.376000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-09469date:2016-10-19T00:00:00
db:VULHUBid:VHN-95248date:2017-07-30T00:00:00
db:BIDid:93416date:2016-10-10T04:02:00
db:JVNDBid:JVNDB-2016-005140date:2016-10-12T00:00:00
db:CNNVDid:CNNVD-201610-077date:2016-10-11T00:00:00
db:NVDid:CVE-2016-6428date:2024-11-21T02:56:06.697

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-09469date:2016-10-19T00:00:00
db:VULHUBid:VHN-95248date:2016-10-06T00:00:00
db:BIDid:93416date:2016-10-05T00:00:00
db:JVNDBid:JVNDB-2016-005140date:2016-10-12T00:00:00
db:CNNVDid:CNNVD-201610-077date:2016-10-11T00:00:00
db:NVDid:CVE-2016-6428date:2016-10-06T10:59:13.243