Sign-up

ID

VAR-201612-0366


CVE

CVE-2016-9204


TITLE

Cisco Intercloud Fabric Director Vulnerabilities in internal accounts connected to internal services

Trust: 0.8

sources: JVNDB: JVNDB-2016-006285

DESCRIPTION

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus99379. Known Affected Releases: 2.2(1). Cisco IntercloudFabricDirector is a device developed by Cisco. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCus99379

Trust: 2.52

sources: NVD: CVE-2016-9204 // JVNDB: JVNDB-2016-006285 // CNVD: CNVD-2016-12571 // BID: 94816 // VULHUB: VHN-98024

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-12571

AFFECTED PRODUCTS

vendor:ciscomodel:nexus 1000v intercloudscope:eqversion:2.2\(1\)

Trust: 1.6

vendor:ciscomodel:nexus 1000v intercloudscope:eqversion:for vmware 2.2(1)

Trust: 0.8

vendor:ciscomodel:nexus intercloudscope:eqversion:1000v

Trust: 0.6

vendor:ciscomodel:nexus intercloudscope:eqversion:1000v0

Trust: 0.3

sources: CNVD: CNVD-2016-12571 // BID: 94816 // JVNDB: JVNDB-2016-006285 // CNNVD: CNNVD-201612-221 // NVD: CVE-2016-9204

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9204
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9204
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-12571
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201612-221
value: MEDIUM

Trust: 0.6

VULHUB: VHN-98024
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-9204
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-12571
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98024
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9204
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-12571 // VULHUB: VHN-98024 // JVNDB: JVNDB-2016-006285 // CNNVD: CNNVD-201612-221 // NVD: CVE-2016-9204

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-98024 // JVNDB: JVNDB-2016-006285 // NVD: CVE-2016-9204

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-221

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201612-221

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-006285

PATCH
title:cisco-sa-20161207-icfurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf
Trust: 0.8
title:Patch for Cisco IntercloudFabricDirector Static Credential Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/86148
Trust: 0.6
title:Cisco Intercloud Fabric Director Static Credentials Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66258
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-12571 // 
            
            
            
            JVNDB: JVNDB-2016-006285 // 
            
            
            
            CNNVD: CNNVD-201612-221

EXTERNAL IDS
db:NVDid:CVE-2016-9204
Trust: 3.4
db:BIDid:94816
Trust: 2.0
db:JVNDBid:JVNDB-2016-006285
Trust: 0.8
db:CNNVDid:CNNVD-201612-221
Trust: 0.7
db:CNVDid:CNVD-2016-12571
Trust: 0.6
db:VULHUBid:VHN-98024
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-12571 // 
            
            
            
            VULHUB: VHN-98024 // 
            
            
            
            BID: 94816 // 
            
            
            
            JVNDB: JVNDB-2016-006285 // 
            
            
            
            CNNVD: CNNVD-201612-221 // 
            
            
            
            NVD: CVE-2016-9204

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-icf
Trust: 2.6
url:http://www.securityfocus.com/bid/94816
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9204
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9204
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-12571 // 
            
            
            
            VULHUB: VHN-98024 // 
            
            
            
            BID: 94816 // 
            
            
            
            JVNDB: JVNDB-2016-006285 // 
            
            
            
            CNNVD: CNNVD-201612-221 // 
            
            
            
            NVD: CVE-2016-9204

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 94816

SOURCES
db:CNVDid:CNVD-2016-12571
db:VULHUBid:VHN-98024
db:BIDid:94816
db:JVNDBid:JVNDB-2016-006285
db:CNNVDid:CNNVD-201612-221
db:NVDid:CVE-2016-9204

LAST UPDATE DATE
2024-11-23T21:42:16.031000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-12571date:2016-12-19T00:00:00
db:VULHUBid:VHN-98024date:2017-01-04T00:00:00
db:BIDid:94816date:2016-12-20T01:08:00
db:JVNDBid:JVNDB-2016-006285date:2016-12-19T00:00:00
db:CNNVDid:CNNVD-201612-221date:2016-12-12T00:00:00
db:NVDid:CVE-2016-9204date:2024-11-21T03:00:47.747

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-12571date:2016-12-19T00:00:00
db:VULHUBid:VHN-98024date:2016-12-14T00:00:00
db:BIDid:94816date:2016-12-07T00:00:00
db:JVNDBid:JVNDB-2016-006285date:2016-12-19T00:00:00
db:CNNVDid:CNNVD-201612-221date:2016-12-09T00:00:00
db:NVDid:CVE-2016-9204date:2016-12-14T00:59:25.223