Sign-up

ID

VAR-201704-0489


CVE

CVE-2016-9197


TITLE

Cisco Mobility Express 2800 and 3800 series Wireless LAN Controller Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2016-008290

DESCRIPTION

A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0). Vendors have confirmed this vulnerability Bug ID CSCvb70351 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. The Cisco Mobility Express 2800 and 3800 AccessPoints are wireless products based on the Mobility Express solution from Cisco. This issue is being tracked by Cisco Bug ID CSCvb70351. CLI command parser is one of the CLI (command line interface) command parsers

Trust: 2.52

sources: NVD: CVE-2016-9197 // JVNDB: JVNDB-2016-008290 // CNVD: CNVD-2017-04566 // BID: 97469 // VULHUB: VHN-98017

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04566

AFFECTED PRODUCTS

vendor:ciscomodel:mobility services enginescope:eqversion:8.3.102.0

Trust: 1.6

vendor:ciscomodel:mobility expressscope:eqversion:38008.3(102.0)

Trust: 0.9

vendor:ciscomodel:mobility expressscope:eqversion:28008.3(102.0)

Trust: 0.9

vendor:ciscomodel:mobility services enginescope:eqversion:8.3(102.0)

Trust: 0.8

sources: CNVD: CNVD-2017-04566 // BID: 97469 // JVNDB: JVNDB-2016-008290 // CNNVD: CNNVD-201704-441 // NVD: CVE-2016-9197

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9197
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-9197
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-04566
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201704-441
value: HIGH

Trust: 0.6

VULHUB: VHN-98017
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-9197
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04566
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-98017
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-9197
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04566 // VULHUB: VHN-98017 // JVNDB: JVNDB-2016-008290 // CNNVD: CNNVD-201704-441 // NVD: CVE-2016-9197

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-98017 // JVNDB: JVNDB-2016-008290 // NVD: CVE-2016-9197

THREAT TYPE

local

Trust: 0.9

sources: BID: 97469 // CNNVD: CNNVD-201704-441

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201704-441

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-008290

PATCH
title:cisco-sa-20170405-cmeurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
Trust: 0.8
title:CiscoMobilityExpress 2800 and 3800 Series Local Security Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/91872
Trust: 0.6
title:Cisco Mobility Express 2800  and 3800 Series Wireless LAN Controllers CLI Fixes for Command Parser Permissions and Access Control Vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73817
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-04566 // 
            
            
            
            JVNDB: JVNDB-2016-008290 // 
            
            
            
            CNNVD: CNNVD-201704-441

EXTERNAL IDS
db:NVDid:CVE-2016-9197
Trust: 3.4
db:BIDid:97469
Trust: 2.0
db:JVNDBid:JVNDB-2016-008290
Trust: 0.8
db:CNNVDid:CNNVD-201704-441
Trust: 0.7
db:CNVDid:CNVD-2017-04566
Trust: 0.6
db:NSFOCUSid:36319
Trust: 0.6
db:VULHUBid:VHN-98017
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04566 // 
            
            
            
            VULHUB: VHN-98017 // 
            
            
            
            BID: 97469 // 
            
            
            
            JVNDB: JVNDB-2016-008290 // 
            
            
            
            CNNVD: CNNVD-201704-441 // 
            
            
            
            NVD: CVE-2016-9197

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-cme
Trust: 2.0
url:http://www.securityfocus.com/bid/97469
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9197
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-9197
Trust: 0.8
url:http://www.nsfocus.net/vulndb/36319
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04566 // 
            
            
            
            VULHUB: VHN-98017 // 
            
            
            
            BID: 97469 // 
            
            
            
            JVNDB: JVNDB-2016-008290 // 
            
            
            
            CNNVD: CNNVD-201704-441 // 
            
            
            
            NVD: CVE-2016-9197

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 97469

SOURCES
db:CNVDid:CNVD-2017-04566
db:VULHUBid:VHN-98017
db:BIDid:97469
db:JVNDBid:JVNDB-2016-008290
db:CNNVDid:CNNVD-201704-441
db:NVDid:CVE-2016-9197

LAST UPDATE DATE
2024-11-23T22:13:03.886000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04566date:2017-04-17T00:00:00
db:VULHUBid:VHN-98017date:2017-04-13T00:00:00
db:BIDid:97469date:2017-04-11T00:03:00
db:JVNDBid:JVNDB-2016-008290date:2017-05-12T00:00:00
db:CNNVDid:CNNVD-201704-441date:2017-08-31T00:00:00
db:NVDid:CVE-2016-9197date:2024-11-21T03:00:47.003

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04566date:2017-04-17T00:00:00
db:VULHUBid:VHN-98017date:2017-04-07T00:00:00
db:BIDid:97469date:2017-04-05T00:00:00
db:JVNDBid:JVNDB-2016-008290date:2017-05-12T00:00:00
db:CNNVDid:CNNVD-201704-441date:2017-04-07T00:00:00
db:NVDid:CVE-2016-9197date:2017-04-07T17:59:00.263