Details of VAR-201601-0043

ID

VAR-201601-0043

CVE

CVE-2016-1299

TITLE

Cisco Small Business SG300 Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-00788 // CNNVD: CNNVD-201601-656

DESCRIPTION

The web-management GUI implementation on Cisco Small Business SG300 devices 1.4.1.x allows remote attackers to cause a denial of service (HTTPS outage) via crafted HTTPS requests, aka Bug ID CSCuw87174. CiscoSmallBusinessSG300 is the SG300 series of intelligent switches from Cisco. Cisco Small Business SG300 Managed Switch is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. This issue is being tracked by Cisco Bug ID CSCuw87174

Trust: 2.52

sources: NVD: CVE-2016-1299 // JVNDB: JVNDB-2016-001460 // CNVD: CNVD-2016-00788 // BID: 82103 // VULHUB: VHN-90118

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00788

AFFECTED PRODUCTS

vendor:	cisco	model:	300 series managed switch	scope:	eq	version:	1.4.1	Trust: 1.6
vendor:	cisco	model:	small business 300 series managed switch	scope:	eq	version:	1.4.1.x	Trust: 0.8
vendor:	cisco	model:	small business sg300	scope:	eq	version:	1.4.1.x	Trust: 0.6
vendor:	cisco	model:	small business sg300 managed switch	scope:	eq	version:	1.4.1.0	Trust: 0.3

sources: CNVD: CNVD-2016-00788 // BID: 82103 // JVNDB: JVNDB-2016-001460 // CNNVD: CNNVD-201601-656 // NVD: CVE-2016-1299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1299
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1299
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-00788
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201601-656
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90118
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1299
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-00788
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90118
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1299
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-00788 // VULHUB: VHN-90118 // JVNDB: JVNDB-2016-001460 // CNNVD: CNNVD-201601-656 // NVD: CVE-2016-1299

PROBLEMTYPE DATA

problemtype:

CWE-399

Trust: 1.9

sources: VULHUB: VHN-90118 // JVNDB: JVNDB-2016-001460 // NVD: CVE-2016-1299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-656

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201601-656

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001460

PATCH

title:	cisco-sa-20160127-sbms	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-sbms	Trust: 0.8
title:	Patch for CiscoSmallBusinessSG300 Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/71081	Trust: 0.6

sources: CNVD: CNVD-2016-00788 // JVNDB: JVNDB-2016-001460

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1299	Trust: 3.4
db:	BID	id:	82103	Trust: 1.0
db:	JVNDB	id:	JVNDB-2016-001460	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-656	Trust: 0.7
db:	CNVD	id:	CNVD-2016-00788	Trust: 0.6
db:	VULHUB	id:	VHN-90118	Trust: 0.1

sources: CNVD: CNVD-2016-00788 // VULHUB: VHN-90118 // BID: 82103 // JVNDB: JVNDB-2016-001460 // CNNVD: CNNVD-201601-656 // NVD: CVE-2016-1299

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160127-sbms	Trust: 2.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1299	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1299	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-00788 // VULHUB: VHN-90118 // BID: 82103 // JVNDB: JVNDB-2016-001460 // CNNVD: CNNVD-201601-656 // NVD: CVE-2016-1299

CREDITS

Cisco

Trust: 0.3

sources: BID: 82103

SOURCES

db:	CNVD	id:	CNVD-2016-00788
db:	VULHUB	id:	VHN-90118
db:	BID	id:	82103
db:	JVNDB	id:	JVNDB-2016-001460
db:	CNNVD	id:	CNNVD-201601-656
db:	NVD	id:	CVE-2016-1299

LAST UPDATE DATE

2025-04-12T22:58:35.732000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-00788	date:	2016-02-03T00:00:00
db:	VULHUB	id:	VHN-90118	date:	2016-02-18T00:00:00
db:	BID	id:	82103	date:	2016-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-001460	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201601-656	date:	2016-01-28T00:00:00
db:	NVD	id:	CVE-2016-1299	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-00788	date:	2016-02-03T00:00:00
db:	VULHUB	id:	VHN-90118	date:	2016-01-27T00:00:00
db:	BID	id:	82103	date:	2016-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-001460	date:	2016-02-19T00:00:00
db:	CNNVD	id:	CNNVD-201601-656	date:	2016-01-28T00:00:00
db:	NVD	id:	CVE-2016-1299	date:	2016-01-27T22:59:02.677