ID

VAR-201611-0164


CVE

CVE-2016-6453


TITLE

SQL injection vulnerability in the web framework code of Cisco Identity Services Engine

Trust: 0.8

sources: JVNDB: JVNDB-2016-005735

DESCRIPTION

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876). The vendor has published this vulnerability as Bug ID CSCva46542. A remotely authenticated user may be able to execute arbitrary SQL commands on the database. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCva46542. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2016-6453 // JVNDB: JVNDB-2016-005735 // BID: 93897 // VULHUB: VHN-95273

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine, scope: eq, version: 1.3\(0.876\)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: eq, version: 1.3(0.876)

Trust: 0.8

vendor: cisco, model: identity services engine, scope: eq, version: 0

Trust: 0.3

sources: BID: 93897 // JVNDB: JVNDB-2016-005735 // CNNVD: CNNVD-201610-761 // NVD: CVE-2016-6453

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6453
value: HIGH

Trust: 1.0

NVD: CVE-2016-6453
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-761
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95273
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6453
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95273
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6453
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.1
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95273 // JVNDB: JVNDB-2016-005735 // CNNVD: CNNVD-201610-761 // NVD: CVE-2016-6453

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-95273 // JVNDB: JVNDB-2016-005735 // NVD: CVE-2016-6453

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-761

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201610-761

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005735

PATCH

title: cisco-sa-20161026-ise, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ise

Trust: 0.8

title: Fix for the Cisco Identity Services Engine SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65115

Trust: 0.6

sources: JVNDB: JVNDB-2016-005735 // CNNVD: CNNVD-201610-761

EXTERNAL IDS

db: NVD, id: CVE-2016-6453

Trust: 2.8

db: BID, id: 93897

Trust: 2.0

db: SECTRACK, id: 1037109

Trust: 1.1

db: JVNDB, id: JVNDB-2016-005735

Trust: 0.8

db: CNNVD, id: CNNVD-201610-761

Trust: 0.7

db: VULHUB, id: VHN-95273

Trust: 0.1

sources: VULHUB: VHN-95273 // BID: 93897 // JVNDB: JVNDB-2016-005735 // CNNVD: CNNVD-201610-761 // NVD: CVE-2016-6453

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ise

Trust: 2.0

url: http://www.securityfocus.com/bid/93897

Trust: 1.7

url: http://www.securitytracker.com/id/1037109

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6453

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6453

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95273 // BID: 93897 // JVNDB: JVNDB-2016-005735 // CNNVD: CNNVD-201610-761 // NVD: CVE-2016-6453

CREDITS

Cisco by Lukasz Plonka from ING Services Polska.

Trust: 0.9

sources: BID: 93897 // CNNVD: CNNVD-201610-761

SOURCES

db: VULHUB, id: VHN-95273
db: BID, id: 93897
db: JVNDB, id: JVNDB-2016-005735
db: CNNVD, id: CNNVD-201610-761
db: NVD, id: CVE-2016-6453

LAST UPDATE DATE

2024-11-23T22:42:19.662000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95273, date: 2017-07-29T00:00:00
db: BID, id: 93897, date: 2016-11-24T00:03:00
db: JVNDB, id: JVNDB-2016-005735, date: 2016-11-08T00:00:00
db: CNNVD, id: CNNVD-201610-761, date: 2016-11-04T00:00:00
db: NVD, id: CVE-2016-6453, date: 2024-11-21T02:56:09.813

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95273, date: 2016-11-03T00:00:00
db: BID, id: 93897, date: 2016-10-26T00:00:00
db: JVNDB, id: JVNDB-2016-005735, date: 2016-11-08T00:00:00
db: CNNVD, id: CNNVD-201610-761, date: 2016-10-27T00:00:00
db: NVD, id: CVE-2016-6453, date: 2016-11-03T21:59:08.920