var-201607-0542
Vulnerability from variot
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCuz56238. The following products are affected : Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances FirePOWER 7000 Series Appliances FirePOWER 8000 Series Appliances FirePOWER Threat Defense for Integrated Services Routers (ISRs) Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0542",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "firesight system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.1.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0.1"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.0"
},
{
"model": "firesight system software",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "6.0.1"
},
{
"model": "firepower system",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "software 6.0.0 to 6.1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:firepower_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was found during internal system security testing.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1394",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1394",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90213",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1394",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1394",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1394",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-651",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90213",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. \nRemote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. \nThis issue being tracked by Cisco Bug ID CSCuz56238. \nThe following products are affected :\nAdaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services\nAdvanced Malware Protection (AMP) for Networks, 7000 Series Appliances\nAdvanced Malware Protection (AMP) for Networks, 8000 Series Appliances\nFirePOWER 7000 Series Appliances\nFirePOWER 8000 Series Appliances\nFirePOWER Threat Defense for Integrated Services Routers (ISRs)\nVirtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1394"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "BID",
"id": "91503"
},
{
"db": "VULHUB",
"id": "VHN-90213"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1394",
"trust": 2.8
},
{
"db": "BID",
"id": "91503",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90213",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90213"
},
{
"db": "BID",
"id": "91503"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"id": "VAR-201607-0542",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90213"
}
],
"trust": 0.6657894599999999
},
"last_update_date": "2024-11-23T22:59:28.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160629-fp",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629-fp"
},
{
"title": "Cisco Firepower System Software Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62560"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90213"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/91503"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-fp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1394"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1394"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-fp/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90213"
},
{
"db": "BID",
"id": "91503"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90213"
},
{
"db": "BID",
"id": "91503"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90213"
},
{
"date": "2016-06-29T00:00:00",
"db": "BID",
"id": "91503"
},
{
"date": "2016-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"date": "2016-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"date": "2016-07-03T01:59:02.860000",
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-90213"
},
{
"date": "2016-06-29T00:00:00",
"db": "BID",
"id": "91503"
},
{
"date": "2016-07-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003422"
},
{
"date": "2016-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-651"
},
{
"date": "2024-11-21T02:46:21.683000",
"db": "NVD",
"id": "CVE-2016-1394"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco FirePOWER system In software CLI Vulnerability for which access rights are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003422"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-651"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…