Sign-up

ID

VAR-201602-0062


CVE

CVE-2016-1324


TITLE

Cisco Spark of REST Service disruption at the interface (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-001463

DESCRIPTION

The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. Vendors have confirmed this vulnerability Bug ID CSCuv84125 It is released as.Service operation disruption by accessing the management page by a third party ( Stop resources ) There is a possibility of being put into a state. Cisco Spark is a set of collaborative service solutions of Cisco (Cisco). By providing a virtual space, the solution allows teams at any location to work together, call and video, discuss issues, store team files and documents, etc

Trust: 1.71

sources: NVD: CVE-2016-1324 // JVNDB: JVNDB-2016-001463 // VULHUB: VHN-90143

AFFECTED PRODUCTS

vendor:ciscomodel:sparkscope:eqversion:2015-06_base

Trust: 1.6

vendor:ciscomodel:sparkscope:eqversion:2015-06

Trust: 0.8

sources: JVNDB: JVNDB-2016-001463 // CNNVD: CNNVD-201602-251 // NVD: CVE-2016-1324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1324
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1324
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201602-251
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90143
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1324
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90143
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1324
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-90143 // JVNDB: JVNDB-2016-001463 // CNNVD: CNNVD-201602-251 // NVD: CVE-2016-1324

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90143 // JVNDB: JVNDB-2016-001463 // NVD: CVE-2016-1324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-251

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201602-251

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001463

PATCH
title:cisco-sa-20160210-sp3url:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-sp3
Trust: 0.8
title:Cisco Spark REST Repair measures for interface denial of service vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60193
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-001463 // 
            
            
            
            CNNVD: CNNVD-201602-251

EXTERNAL IDS
db:NVDid:CVE-2016-1324
Trust: 2.5
db:JVNDBid:JVNDB-2016-001463
Trust: 0.8
db:CNNVDid:CNNVD-201602-251
Trust: 0.7
db:VULHUBid:VHN-90143
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90143 // 
            
            
            
            JVNDB: JVNDB-2016-001463 // 
            
            
            
            CNNVD: CNNVD-201602-251 // 
            
            
            
            NVD: CVE-2016-1324

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160210-sp3
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1324
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1324
Trust: 0.8
sources:
            
            
            VULHUB: VHN-90143 // 
            
            
            
            JVNDB: JVNDB-2016-001463 // 
            
            
            
            CNNVD: CNNVD-201602-251 // 
            
            
            
            NVD: CVE-2016-1324

SOURCES
db:VULHUBid:VHN-90143
db:JVNDBid:JVNDB-2016-001463
db:CNNVDid:CNNVD-201602-251
db:NVDid:CVE-2016-1324

LAST UPDATE DATE
2025-04-12T23:29:29.171000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90143date:2016-02-24T00:00:00
db:JVNDBid:JVNDB-2016-001463date:2016-03-01T00:00:00
db:CNNVDid:CNNVD-201602-251date:2016-02-15T00:00:00
db:NVDid:CVE-2016-1324date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90143date:2016-02-12T00:00:00
db:JVNDBid:JVNDB-2016-001463date:2016-02-22T00:00:00
db:CNNVDid:CNNVD-201602-251date:2016-02-15T00:00:00
db:NVDid:CVE-2016-1324date:2016-02-12T01:59:06.007