var-201607-0422
Vulnerability from variot
Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy77145. A third party may bypass file system and administrative endpoint restrictions via GET API calls. Cisco Configuration Assistant is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuy77145. Cisco CNAP release 1.0(0), which is part of Cisco Configuration Assistant (CCA), is affected. The vulnerability exists in CNAP version 1.0(0) of Cisco CCA because the program lacks a control mechanism and an input validation mechanism. The record below scores it as reachable over the network without authentication (CVSS v2 AV:N/AC:L/Au:N) and lists Cisco advisory cisco-sa-20160630-cca as the patch reference.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0422",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cloud network automation provisioner",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0\\(0\\)"
},
{
"model": "cloud network automation provisioner",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.0(0)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:cloud_network_automation_provisioner",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "91523"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1441",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1441",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90260",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1441",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1441",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1441",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-676",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90260",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-1441",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90260"
},
{
"db": "VULMON",
"id": "CVE-2016-1441"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy77145. A third party may bypass file system and administrative endpoint restrictions via GET API calls. Cisco Configuration Assistant is prone to an unauthorized-access vulnerability. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. \nThis issue is being tracked by Cisco bug ID CSCuy77145. \nCisco CNAP release 1.0(0), which is part of Cisco Configuration Assistant (CCA), is affected. The vulnerability exists in CNAP version 1.0(0) of Cisco CCA because the program lacks a control mechanism and an input validation mechanism",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1441"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "BID",
"id": "91523"
},
{
"db": "VULHUB",
"id": "VHN-90260"
},
{
"db": "VULMON",
"id": "CVE-2016-1441"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1441",
"trust": 2.9
},
{
"db": "BID",
"id": "91523",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-676",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90260",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1441",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90260"
},
{
"db": "VULMON",
"id": "CVE-2016-1441"
},
{
"db": "BID",
"id": "91523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"id": "VAR-201607-0422",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90260"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:13:14.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160630-cca",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160630-cca"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90260"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160630-cca"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/91523"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1441"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1441"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90260"
},
{
"db": "VULMON",
"id": "CVE-2016-1441"
},
{
"db": "BID",
"id": "91523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90260"
},
{
"db": "VULMON",
"id": "CVE-2016-1441"
},
{
"db": "BID",
"id": "91523"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90260"
},
{
"date": "2016-07-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1441"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91523"
},
{
"date": "2016-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"date": "2016-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"date": "2016-07-03T01:59:03.767000",
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90260"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1441"
},
{
"date": "2016-06-30T00:00:00",
"db": "BID",
"id": "91523"
},
{
"date": "2016-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003423"
},
{
"date": "2016-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-676"
},
{
"date": "2024-11-21T02:46:27",
"db": "NVD",
"id": "CVE-2016-1441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in CNAP of Cisco Configuration Assistant that allows bypassing file system and management endpoint restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003423"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-676"
}
],
"trust": 0.6
}
}