var-201606-0277
Vulnerability from variot
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Vendors have confirmed this vulnerability Bug ID CSCuz03034 It is released as.Service disruption through a crafted request by a third party ( Memory out-of-bounds access and Web Stop the server ) There is a possibility of being put into a state. The Cisco IP8800 Series Phones are digital phone system products. The web application of the Cisco IP8800 Series Phones does not properly check the size of the input data. Due to the nature of this issue arbitrary code execution may be possible, but this has not been confirmed. This issue is being tracked by Cisco bug ID CSCuz03034. Cisco IP 8800 is a set of telephone products provided by Cisco (Cisco) in the United States that provides video and VoIP communication functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip phone 8800 series",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8800 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "880011.0(1)"
},
{
"model": "ip phone",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ip_phone_8800_series_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "91134"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1421",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1421",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03957",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90240",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1421",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1421",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1421",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-03957",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-224",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90240",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Vendors have confirmed this vulnerability Bug ID CSCuz03034 It is released as.Service disruption through a crafted request by a third party ( Memory out-of-bounds access and Web Stop the server ) There is a possibility of being put into a state. The Cisco IP8800 Series Phones are digital phone system products. The web application of the Cisco IP8800 Series Phones does not properly check the size of the input data. Due to the nature of this issue arbitrary code execution may be possible, but this has not been confirmed. \nThis issue is being tracked by Cisco bug ID CSCuz03034. Cisco IP 8800 is a set of telephone products provided by Cisco (Cisco) in the United States that provides video and VoIP communication functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "VULHUB",
"id": "VHN-90240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1421",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TRA-2020-24",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-03957",
"trust": 0.6
},
{
"db": "BID",
"id": "91134",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90240",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"id": "VAR-201606-0277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
}
],
"trust": 1.0638431
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
}
]
},
"last_update_date": "2024-11-23T22:30:58.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160609-ipp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"title": "Cisco IP8800 Device Web Application Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/77314"
},
{
"title": "Cisco IP 8800 Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62179"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-ipp"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2020-24"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1421"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1421"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"date": "2016-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-90240"
},
{
"date": "2016-06-09T00:00:00",
"db": "BID",
"id": "91134"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"date": "2016-06-10T01:59:06.037000",
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"date": "2020-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90240"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "91134"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"date": "2020-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-224"
},
{
"date": "2024-11-21T02:46:24.870000",
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phone 8800 Device Web Service disruption in applications (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…