Details of VAR-201611-0165

ID

VAR-201611-0165

CVE

CVE-2016-6454

TITLE

Cisco Hosted Collaboration Mediation Fulfillment of Web Cross-site request forgery vulnerability in the interface

Trust: 0.8

sources: JVNDB: JVNDB-2016-005736

DESCRIPTION

A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute unwanted actions. More Information: CSCva54241. Known Affected Releases: 11.5(1). Known Fixed Releases: 11.5(0.98000.216). Vendors have confirmed this vulnerability Bug ID CSCva54241 It is released as.An unintended action may be performed by a third party. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug ID CSCva54241. The software provides functions such as configuring, managing and monitoring services of Cisco HCM-F. A remote attacker could exploit this vulnerability to submit arbitrary requests

Trust: 1.98

sources: NVD: CVE-2016-6454 // JVNDB: JVNDB-2016-005736 // BID: 93916 // VULHUB: VHN-95274

AFFECTED PRODUCTS

vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6\(3\).0	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6\(2\).0	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6\(1\).0	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	11.5\(1\).0	Trust: 1.6
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6(1).0	Trust: 0.8
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6(2).0	Trust: 0.8
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	10.6(3).0	Trust: 0.8
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	11.5(1).0	Trust: 0.8
vendor:	cisco	model:	hosted collaboration mediation fulfillment	scope:	eq	version:	0	Trust: 0.3

sources: BID: 93916 // JVNDB: JVNDB-2016-005736 // CNNVD: CNNVD-201610-772 // NVD: CVE-2016-6454

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6454
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-6454
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201610-772
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95274
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6454
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95274
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6454
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95274 // JVNDB: JVNDB-2016-005736 // CNNVD: CNNVD-201610-772 // NVD: CVE-2016-6454

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-95274 // JVNDB: JVNDB-2016-005736 // NVD: CVE-2016-6454

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-772

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201610-772

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005736

PATCH

title:

cisco-sa-20161026-hcmf

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-hcmf

Trust: 0.8

sources: JVNDB: JVNDB-2016-005736

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6454	Trust: 2.8
db:	BID	id:	93916	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-005736	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-772	Trust: 0.7
db:	VULHUB	id:	VHN-95274	Trust: 0.1

sources: VULHUB: VHN-95274 // BID: 93916 // JVNDB: JVNDB-2016-005736 // CNNVD: CNNVD-201610-772 // NVD: CVE-2016-6454

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-hcmf	Trust: 2.0
url:	http://www.securityfocus.com/bid/93916	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6454	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6454	Trust: 0.8
url:	http://www.cisco.com	Trust: 0.3

sources: VULHUB: VHN-95274 // BID: 93916 // JVNDB: JVNDB-2016-005736 // CNNVD: CNNVD-201610-772 // NVD: CVE-2016-6454

CREDITS

Cisco

Trust: 0.9

sources: BID: 93916 // CNNVD: CNNVD-201610-772

SOURCES

db:	VULHUB	id:	VHN-95274
db:	BID	id:	93916
db:	JVNDB	id:	JVNDB-2016-005736
db:	CNNVD	id:	CNNVD-201610-772
db:	NVD	id:	CVE-2016-6454

LAST UPDATE DATE

2024-11-23T22:26:55.135000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95274	date:	2016-11-28T00:00:00
db:	BID	id:	93916	date:	2016-11-24T07:04:00
db:	JVNDB	id:	JVNDB-2016-005736	date:	2016-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-772	date:	2016-11-04T00:00:00
db:	NVD	id:	CVE-2016-6454	date:	2024-11-21T02:56:09.923

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95274	date:	2016-11-03T00:00:00
db:	BID	id:	93916	date:	2016-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2016-005736	date:	2016-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201610-772	date:	2016-10-27T00:00:00
db:	NVD	id:	CVE-2016-6454	date:	2016-11-03T21:59:10.013