cvelistv5 - cve-2016-1386

CVE-2016-1386 (GCVE-0-2016-1386)

Vulnerability from cvelistv5

Published

2016-04-28 22:00

Modified

2024-08-05 22:55

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

CERTFR-2016-AVI-153

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "initial_release_date": "2016-05-06T00:00:00",
  "last_revision_date": "2016-05-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

var-201604-0563

Vulnerability from variot

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. Vendors have confirmed this vulnerability Bug ID CSCux15521 It is released as.A third party may be able to forge management notifications through crafted attribute / value pairs. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCux15521. Cisco APIC-EM release 1.0(1) is vulnerable; other versions may also be affected. A security vulnerability exists in the Cisco APIC-EM version 1.0(1) API

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201604-0563",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "application policy infrastructure controller enterprise module",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "1.0.\\(1\\)"
      },
      {
        "model": "application policy infrastructure controller enterprise module",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "1.0(1)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cisco:application_policy_infrastructure_controller_enterprise_module",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "89333"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1386",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2016-1386",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-90205",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "id": "CVE-2016-1386",
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1386",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1386",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201604-622",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90205",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. Vendors have confirmed this vulnerability Bug ID CSCux15521 It is released as.A third party may be able to forge management notifications through crafted attribute / value pairs. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. \nThis issue is being tracked by Cisco bug ID CSCux15521. \nCisco APIC-EM release 1.0(1) is vulnerable; other versions may also be affected. A security vulnerability exists in the Cisco APIC-EM version 1.0(1) API",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "BID",
        "id": "89333"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1386",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1035702",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "89333",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-90205",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "db": "BID",
        "id": "89333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "id": "VAR-201604-0563",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T23:02:38.076000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160428-apic",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
      },
      {
        "title": "Cisco Application Policy Infrastructure Controller Enterprise Module Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61305"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-apic"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1035702"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1386"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1386"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "db": "BID",
        "id": "89333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "db": "BID",
        "id": "89333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-04-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "date": "2016-04-28T00:00:00",
        "db": "BID",
        "id": "89333"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "date": "2016-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "date": "2016-04-28T22:59:00.147000",
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90205"
      },
      {
        "date": "2016-07-06T14:34:00",
        "db": "BID",
        "id": "89333"
      },
      {
        "date": "2016-05-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      },
      {
        "date": "2016-04-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      },
      {
        "date": "2024-11-21T02:46:20.787000",
        "db": "NVD",
        "id": "CVE-2016-1386"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Application Policy Infrastructure Controller Enterprise Module  API Vulnerabilities in which management notifications are forged",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-002412"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201604-622"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2016-1386

Vulnerability from fkie_nvd

Published

2016-04-28 22:59

Modified

2025-04-12 10:46

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1035702
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035702

Impacted products

	Vendor	Product	Version
	cisco	application_policy_infrastructure_controller_enterprise_module	1.0.\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.0.\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "75B8F8D8-A567-4F1B-9617-409FF06134F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521."
    },
    {
      "lang": "es",
      "value": "La API en Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) permite a atacantes remotos suplantar notificaciones administrativas a trav\u00e9s de pares de valor-atributo manipulados, tambi\u00e9n conocida como Bug ID CSCux15521."
    }
  ],
  "id": "CVE-2016-1386",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-28T22:59:00.147",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035702"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035702"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2016-02753

Vulnerability from cnvd

Title

Cisco Application Policy Infrastructure Controller Enterprise Module安全绕过漏洞

Description

Cisco Application Policy Infrastructure Controller Enterprise Module是一套提供了基于策略的用于自动配置端至端的基础设施控制器的应用程序。 Cisco Application Policy Infrastructure Controller Enterprise Module的API中存在安全绕过漏洞，远程攻击者可提交特制的attribute-value配对伪造管理员通知。

Severity

中

Patch Name

Cisco Application Policy Infrastructure Controller Enterprise Module安全绕过漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1386

Impacted products

Name
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1386"
    }
  },
  "description": "Cisco Application Policy Infrastructure Controller Enterprise Module\u662f\u4e00\u5957\u63d0\u4f9b\u4e86\u57fa\u4e8e\u7b56\u7565\u7684\u7528\u4e8e\u81ea\u52a8\u914d\u7f6e\u7aef\u81f3\u7aef\u7684\u57fa\u7840\u8bbe\u65bd\u63a7\u5236\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nCisco Application Policy Infrastructure Controller Enterprise Module\u7684API\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u5236\u7684attribute-value\u914d\u5bf9\u4f2a\u9020\u7ba1\u7406\u5458\u901a\u77e5\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02753",
  "openTime": "2016-05-05",
  "patchDescription": "Cisco Application Policy Infrastructure Controller Enterprise Module\u662f\u4e00\u5957\u63d0\u4f9b\u4e86\u57fa\u4e8e\u7b56\u7565\u7684\u7528\u4e8e\u81ea\u52a8\u914d\u7f6e\u7aef\u81f3\u7aef\u7684\u57fa\u7840\u8bbe\u65bd\u63a7\u5236\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nCisco Application Policy Infrastructure Controller Enterprise Module\u7684API\u4e2d\u5b58\u5728\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u63d0\u4ea4\u7279\u5236\u7684attribute-value\u914d\u5bf9\u4f2a\u9020\u7ba1\u7406\u5458\u901a\u77e5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Application Policy Infrastructure Controller Enterprise Module\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1)"
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1386",
  "serverity": "\u4e2d",
  "submitTime": "2016-04-30",
  "title": "Cisco Application Policy Infrastructure Controller Enterprise Module\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

gsd-2016-1386

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-1386

Aliases

CVE-2016-1386

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1386",
    "description": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.",
    "id": "GSD-2016-1386"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1386"
      ],
      "details": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.",
      "id": "GSD-2016-1386",
      "modified": "2023-12-13T01:21:24.723192Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1386",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1035702",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035702"
          },
          {
            "name": "20160428 Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.0.\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1386"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160428 Cisco Application Policy Infrastructure Controller Enterprise Module Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
            },
            {
              "name": "1035702",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035702"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2016-12-03T03:20Z",
      "publishedDate": "2016-04-28T22:59Z"
    }
  }
}

ghsa-2jqc-m5c2-q976

Vulnerability from github

Published

2022-05-17 03:31

Modified

2022-05-17 03:31

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1386"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-04-28T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521.",
  "id": "GHSA-2jqc-m5c2-q976",
  "modified": "2022-05-17T03:31:56Z",
  "published": "2022-05-17T03:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1386"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035702"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-1386 (GCVE-0-2016-1386)

Vulnerability from cvelistv5

CERTFR-2016-AVI-153

Vulnerability from certfr_avis

Solution

var-201604-0563

Vulnerability from variot

fkie_cve-2016-1386

Vulnerability from fkie_nvd

cnvd-2016-02753

Vulnerability from cnvd

gsd-2016-1386

Vulnerability from gsd

ghsa-2jqc-m5c2-q976

Vulnerability from github

Tags

Sightings

Nomenclature