Details of VAR-201610-0291

ID

VAR-201610-0291

CVE

CVE-2016-6443

TITLE

Cisco Prime Infrastructure and Evolved Programmable Network Manager of SQL In the database interface SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005697

DESCRIPTION

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). Vendors have confirmed this vulnerability Bug ID CSCva27038 and CSCva28335 It is released as.Any user that affects the confidentiality of the system by a remotely authenticated user SQL A subset of queries may be executed. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug IDs CSCva27038 and CSCva28335. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A remote attacker can exploit this vulnerability by sending URLs containing malicious SQL statements to the target system to affect system confidentiality, and may also cause denial of service

Trust: 1.98

sources: NVD: CVE-2016-6443 // JVNDB: JVNDB-2016-005697 // BID: 93522 // VULHUB: VHN-95263

AFFECTED PRODUCTS

vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3.0.20	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.2	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.0.45	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.0.103	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.1	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	1.2	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2\(2\)	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.1	Trust: 1.0
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.0	Trust: 1.0
vendor:	cisco	model:	evolved programmable network manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.1.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.0.0	Trust: 0.6
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	1.2.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.0	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	3.0_base	Trust: 0.6
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	-	Trust: 0.3
vendor:	cisco	model:	evolved programmable network manager	scope:	eq	version:	0	Trust: 0.3

sources: BID: 93522 // JVNDB: JVNDB-2016-005697 // CNNVD: CNNVD-201610-804 // NVD: CVE-2016-6443

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6443
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6443
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201610-804
value:	HIGH
Trust: 0.6
VULHUB:	VHN-95263
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6443
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95263
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6443
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95263 // JVNDB: JVNDB-2016-005697 // CNNVD: CNNVD-201610-804 // NVD: CVE-2016-6443

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.9

sources: VULHUB: VHN-95263 // JVNDB: JVNDB-2016-005697 // NVD: CVE-2016-6443

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-804

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201610-804

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005697

PATCH

title:	cisco-sa-20161012-prime	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161012-prime	Trust: 0.8
title:	Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager SQL Injection vulnerability Repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65139	Trust: 0.6

sources: JVNDB: JVNDB-2016-005697 // CNNVD: CNNVD-201610-804

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6443	Trust: 2.8
db:	BID	id:	93522	Trust: 2.0
db:	SECTRACK	id:	1037006	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-005697	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-804	Trust: 0.7
db:	VULHUB	id:	VHN-95263	Trust: 0.1

sources: VULHUB: VHN-95263 // BID: 93522 // JVNDB: JVNDB-2016-005697 // CNNVD: CNNVD-201610-804 // NVD: CVE-2016-6443

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161012-prime	Trust: 2.0
url:	http://www.securityfocus.com/bid/93522	Trust: 1.7
url:	http://www.securitytracker.com/id/1037006	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6443	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6443	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-95263 // BID: 93522 // JVNDB: JVNDB-2016-005697 // CNNVD: CNNVD-201610-804 // NVD: CVE-2016-6443

CREDITS

Cisco

Trust: 0.3

sources: BID: 93522

SOURCES

db:	VULHUB	id:	VHN-95263
db:	BID	id:	93522
db:	JVNDB	id:	JVNDB-2016-005697
db:	CNNVD	id:	CNNVD-201610-804
db:	NVD	id:	CVE-2016-6443

LAST UPDATE DATE

2024-11-23T22:18:13.859000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95263	date:	2019-08-01T00:00:00
db:	BID	id:	93522	date:	2016-10-26T04:08:00
db:	JVNDB	id:	JVNDB-2016-005697	date:	2016-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201610-804	date:	2019-07-30T00:00:00
db:	NVD	id:	CVE-2016-6443	date:	2024-11-21T02:56:08.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95263	date:	2016-10-27T00:00:00
db:	BID	id:	93522	date:	2016-10-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-005697	date:	2016-11-04T00:00:00
db:	CNNVD	id:	CNNVD-201610-804	date:	2016-10-28T00:00:00
db:	NVD	id:	CVE-2016-6443	date:	2016-10-27T21:59:14.860