Sign-up

ID

VAR-201602-0058


CVE

CVE-2016-1320


TITLE

Cisco Prime Collaboration of CLI In root As any OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-001498

DESCRIPTION

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. Cisco Prime Collaboration is a set of enterprise collaboration network management solutions from Cisco. This solution supports simplified unified communication and video collaboration network management through a unified management console, and rapid deployment of communication sites. A local attacker can exploit this vulnerability to execute arbitrary operating system commands with root privileges

Trust: 1.71

sources: NVD: CVE-2016-1320 // JVNDB: JVNDB-2016-001498 // VULHUB: VHN-90139

AFFECTED PRODUCTS

vendor:ciscomodel:prime collaborationscope:eqversion:9.0.0

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion:9.0.5

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion:11.0.0

Trust: 1.6

vendor:ciscomodel:prime collaborationscope:eqversion:11.0

Trust: 0.8

vendor:ciscomodel:prime collaborationscope:eqversion:9.0

Trust: 0.8

sources: JVNDB: JVNDB-2016-001498 // CNNVD: CNNVD-201602-248 // NVD: CVE-2016-1320

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1320
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1320
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-248
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90139
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1320
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90139
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1320
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90139 // JVNDB: JVNDB-2016-001498 // CNNVD: CNNVD-201602-248 // NVD: CVE-2016-1320

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-90139 // JVNDB: JVNDB-2016-001498 // NVD: CVE-2016-1320

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201602-248

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201602-248

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001498

PATCH
title:cisco-sa-20160209-pcpurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp
Trust: 0.8
title:Cisco Prime Collaboration CLI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60190
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001498 // 
            
            
            
            CNNVD: CNNVD-201602-248

EXTERNAL IDS
db:NVDid:CVE-2016-1320
Trust: 2.5
db:TENABLEid:TRA-2016-38
Trust: 1.1
db:JVNDBid:JVNDB-2016-001498
Trust: 0.8
db:CNNVDid:CNNVD-201602-248
Trust: 0.7
db:VULHUBid:VHN-90139
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90139 // 
            
            
            
            JVNDB: JVNDB-2016-001498 // 
            
            
            
            CNNVD: CNNVD-201602-248 // 
            
            
            
            NVD: CVE-2016-1320

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160209-pcp
Trust: 1.7
url:https://www.tenable.com/security/research/tra-2016-38
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1320
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1320
Trust: 0.8
sources:
            
            
            VULHUB: VHN-90139 // 
            
            
            
            JVNDB: JVNDB-2016-001498 // 
            
            
            
            CNNVD: CNNVD-201602-248 // 
            
            
            
            NVD: CVE-2016-1320

SOURCES
db:VULHUBid:VHN-90139
db:JVNDBid:JVNDB-2016-001498
db:CNNVDid:CNNVD-201602-248
db:NVDid:CVE-2016-1320

LAST UPDATE DATE
2025-04-13T23:31:27.902000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90139date:2016-12-29T00:00:00
db:JVNDBid:JVNDB-2016-001498date:2016-02-25T00:00:00
db:CNNVDid:CNNVD-201602-248date:2016-02-15T00:00:00
db:NVDid:CVE-2016-1320date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90139date:2016-02-12T00:00:00
db:JVNDBid:JVNDB-2016-001498date:2016-02-25T00:00:00
db:CNNVDid:CNNVD-201602-248date:2016-02-15T00:00:00
db:NVDid:CVE-2016-1320date:2016-02-12T01:59:03.083