Details of VAR-201612-0482

ID

VAR-201612-0482

CVE

CVE-2016-9215

TITLE

Cisco IOS XR In software root Vulnerability to log into a device with user privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-006321

DESCRIPTION

A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE. Cisco IOS is the interconnected network operating system used on most Cisco system routers and network switches. Successful attacks can allow an attacker to gain complete access to the affected devices with root privileges. This issue is tracked by Cisco Bug ID CSCva38434

Trust: 2.52

sources: NVD: CVE-2016-9215 // JVNDB: JVNDB-2016-006321 // CNVD: CNVD-2016-12409 // BID: 94812 // VULHUB: VHN-98035

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-12409

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xr	scope:	eq	version:	6.1.1	Trust: 2.4
vendor:	cisco	model:	ios xr software	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	ios xr software	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2016-12409 // BID: 94812 // JVNDB: JVNDB-2016-006321 // CNNVD: CNNVD-201612-225 // NVD: CVE-2016-9215

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9215
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-9215
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-12409
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201612-225
value:	HIGH
Trust: 0.6
VULHUB:	VHN-98035
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-9215
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-12409
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-98035
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9215
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-12409 // VULHUB: VHN-98035 // JVNDB: JVNDB-2016-006321 // CNNVD: CNNVD-201612-225 // NVD: CVE-2016-9215

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-98035 // JVNDB: JVNDB-2016-006321 // NVD: CVE-2016-9215

THREAT TYPE

local

Trust: 0.9

sources: BID: 94812 // CNNVD: CNNVD-201612-225

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201612-225

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006321

PATCH

title:	cisco-sa-20161207-iosxr	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-iosxr	Trust: 0.8
title:	Cisco IOSXRSoftware default account password vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/86057	Trust: 0.6
title:	Cisco IOS XR Software Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66262	Trust: 0.6

sources: CNVD: CNVD-2016-12409 // JVNDB: JVNDB-2016-006321 // CNNVD: CNNVD-201612-225

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9215	Trust: 3.4
db:	BID	id:	94812	Trust: 2.0
db:	SECTRACK	id:	1037418	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-006321	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-225	Trust: 0.7
db:	CNVD	id:	CNVD-2016-12409	Trust: 0.6
db:	VULHUB	id:	VHN-98035	Trust: 0.1

sources: CNVD: CNVD-2016-12409 // VULHUB: VHN-98035 // BID: 94812 // JVNDB: JVNDB-2016-006321 // CNNVD: CNNVD-201612-225 // NVD: CVE-2016-9215

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-iosxr	Trust: 2.6
url:	http://www.securityfocus.com/bid/94812	Trust: 1.1
url:	http://www.securitytracker.com/id/1037418	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9215	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9215	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-12409 // VULHUB: VHN-98035 // BID: 94812 // JVNDB: JVNDB-2016-006321 // CNNVD: CNNVD-201612-225 // NVD: CVE-2016-9215

CREDITS

Cisco

Trust: 0.3

sources: BID: 94812

SOURCES

db:	CNVD	id:	CNVD-2016-12409
db:	VULHUB	id:	VHN-98035
db:	BID	id:	94812
db:	JVNDB	id:	JVNDB-2016-006321
db:	CNNVD	id:	CNNVD-201612-225
db:	NVD	id:	CVE-2016-9215

LAST UPDATE DATE

2024-11-23T22:52:34.790000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-12409	date:	2016-12-16T00:00:00
db:	VULHUB	id:	VHN-98035	date:	2016-12-22T00:00:00
db:	BID	id:	94812	date:	2016-12-20T00:08:00
db:	JVNDB	id:	JVNDB-2016-006321	date:	2016-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201612-225	date:	2016-12-14T00:00:00
db:	NVD	id:	CVE-2016-9215	date:	2024-11-21T03:00:48.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-12409	date:	2016-12-16T00:00:00
db:	VULHUB	id:	VHN-98035	date:	2016-12-14T00:00:00
db:	BID	id:	94812	date:	2016-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2016-006321	date:	2016-12-21T00:00:00
db:	CNNVD	id:	CNNVD-201612-225	date:	2016-12-09T00:00:00
db:	NVD	id:	CVE-2016-9215	date:	2016-12-14T00:59:36.477