Details of VAR-201612-0360

ID

VAR-201612-0360

CVE

CVE-2016-9198

TITLE

Cisco Identity Services Engine of Active Directory Service disruption in integrated components (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-006318

DESCRIPTION

A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199). Vendors have confirmed this vulnerability Bug ID CSCuw15041 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw15041. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. Active Directory integration is one of the active directory components. The vulnerability stems from the program's improper handling of Password Authentication Protocol (PAP) authentication requests. A remote attacker can exploit this vulnerability by altering the correct PAP authentication request to cause subsequent authentication requests to the Active Directory domain to fail

Trust: 1.98

sources: NVD: CVE-2016-9198 // JVNDB: JVNDB-2016-006318 // BID: 94810 // VULHUB: VHN-98018

AFFECTED PRODUCTS

vendor:	cisco	model:	identity services engine	scope:	eq	version:	1.2\(1.199\)	Trust: 1.6
vendor:	cisco	model:	identity services engine software	scope:	eq	version:	1.2(1.199)	Trust: 0.8
vendor:	cisco	model:	identity services engine	scope:	eq	version:	0	Trust: 0.3

sources: BID: 94810 // JVNDB: JVNDB-2016-006318 // CNNVD: CNNVD-201612-226 // NVD: CVE-2016-9198

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9198
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-9198
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201612-226
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98018
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9198
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-98018
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9198
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-98018 // JVNDB: JVNDB-2016-006318 // CNNVD: CNNVD-201612-226 // NVD: CVE-2016-9198

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-98018 // JVNDB: JVNDB-2016-006318 // NVD: CVE-2016-9198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-226

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201612-226

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006318

PATCH

title:	cisco-sa-20161207-ise	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-ise	Trust: 0.8
title:	Cisco Identity Services Engine Active Directory Integration Component Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66263	Trust: 0.6

sources: JVNDB: JVNDB-2016-006318 // CNNVD: CNNVD-201612-226

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9198	Trust: 2.8
db:	BID	id:	94810	Trust: 1.4
db:	SECTRACK	id:	1037415	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-006318	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-226	Trust: 0.7
db:	VULHUB	id:	VHN-98018	Trust: 0.1

sources: VULHUB: VHN-98018 // BID: 94810 // JVNDB: JVNDB-2016-006318 // CNNVD: CNNVD-201612-226 // NVD: CVE-2016-9198

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-ise	Trust: 2.0
url:	http://www.securityfocus.com/bid/94810	Trust: 1.1
url:	http://www.securitytracker.com/id/1037415	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9198	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9198	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-98018 // BID: 94810 // JVNDB: JVNDB-2016-006318 // CNNVD: CNNVD-201612-226 // NVD: CVE-2016-9198

CREDITS

Cisco

Trust: 0.3

sources: BID: 94810

SOURCES

db:	VULHUB	id:	VHN-98018
db:	BID	id:	94810
db:	JVNDB	id:	JVNDB-2016-006318
db:	CNNVD	id:	CNNVD-201612-226
db:	NVD	id:	CVE-2016-9198

LAST UPDATE DATE

2024-11-23T23:02:32.281000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-98018	date:	2016-12-22T00:00:00
db:	BID	id:	94810	date:	2016-12-20T01:08:00
db:	JVNDB	id:	JVNDB-2016-006318	date:	2016-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201612-226	date:	2016-12-12T00:00:00
db:	NVD	id:	CVE-2016-9198	date:	2024-11-21T03:00:47.110

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-98018	date:	2016-12-14T00:00:00
db:	BID	id:	94810	date:	2016-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-006318	date:	2016-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201612-226	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-9198	date:	2016-12-14T00:59:18.300