ID

VAR-201604-0051


CVE

CVE-2016-1343


TITLE

Vulnerability in the XML parser of Cisco Information Server that allows reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2016-002411

DESCRIPTION

The XML parser in Cisco Information Server (CIS) 6.2 allows remote attackers to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuy39059. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy39059. Supplementary information: the vulnerability type has been identified under CWE as CWE-611: Improper Restriction of XML External Entity Reference ('XXE'). Cisco Information Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition on a targeted system.

Trust: 2.07

sources: NVD: CVE-2016-1343 // JVNDB: JVNDB-2016-002411 // BID: 89109 // VULHUB: VHN-90162 // VULMON: CVE-2016-1343

AFFECTED PRODUCTS

vendor: cisco, model: information server, scope: eq, version: 6.2_base

Trust: 1.6

vendor: cisco, model: information server, scope: eq, version: 6.2

Trust: 0.8

sources: JVNDB: JVNDB-2016-002411 // CNNVD: CNNVD-201604-626 // NVD: CVE-2016-1343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1343
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-1343
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201604-626
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90162
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-1343
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1343
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90162
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1343
baseSeverity: CRITICAL
baseScore: 10.0
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.8
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90162 // VULMON: CVE-2016-1343 // JVNDB: JVNDB-2016-002411 // CNNVD: CNNVD-201604-626 // NVD: CVE-2016-1343

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-002411 // NVD: CVE-2016-1343

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-626

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201604-626

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002411

PATCH

title: cisco-sa-20160428-cis
url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis

Trust: 0.8

title: Cisco Information Server XML Remediation measures for resolver security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61308

Trust: 0.6

sources: JVNDB: JVNDB-2016-002411 // CNNVD: CNNVD-201604-626

EXTERNAL IDS

db: NVD, id: CVE-2016-1343

Trust: 2.9

db: JVNDB, id: JVNDB-2016-002411

Trust: 0.8

db: CNNVD, id: CNNVD-201604-626

Trust: 0.7

db: BID, id: 89109

Trust: 0.5

db: VULHUB, id: VHN-90162

Trust: 0.1

db: VULMON, id: CVE-2016-1343

Trust: 0.1

sources: VULHUB: VHN-90162 // VULMON: CVE-2016-1343 // BID: 89109 // JVNDB: JVNDB-2016-002411 // CNNVD: CNNVD-201604-626 // NVD: CVE-2016-1343

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-cis

Trust: 2.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1343

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1343

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.compositesw.com/products-services/information-server/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/89109

Trust: 0.1

sources: VULHUB: VHN-90162 // VULMON: CVE-2016-1343 // BID: 89109 // JVNDB: JVNDB-2016-002411 // CNNVD: CNNVD-201604-626 // NVD: CVE-2016-1343

CREDITS

The vendor reported the issue.

Trust: 0.3

sources: BID: 89109

SOURCES

db: VULHUB, id: VHN-90162
db: VULMON, id: CVE-2016-1343
db: BID, id: 89109
db: JVNDB, id: JVNDB-2016-002411
db: CNNVD, id: CNNVD-201604-626
db: NVD, id: CVE-2016-1343

LAST UPDATE DATE

2025-04-12T23:04:22.140000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90162, date: 2016-05-04T00:00:00
db: VULMON, id: CVE-2016-1343, date: 2016-05-04T00:00:00
db: BID, id: 89109, date: 2016-04-28T00:00:00
db: JVNDB, id: JVNDB-2016-002411, date: 2016-05-06T00:00:00
db: CNNVD, id: CNNVD-201604-626, date: 2016-05-03T00:00:00
db: NVD, id: CVE-2016-1343, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90162, date: 2016-04-30T00:00:00
db: VULMON, id: CVE-2016-1343, date: 2016-04-30T00:00:00
db: BID, id: 89109, date: 2016-04-28T00:00:00
db: JVNDB, id: JVNDB-2016-002411, date: 2016-05-06T00:00:00
db: CNNVD, id: CNNVD-201604-626, date: 2016-04-29T00:00:00
db: NVD, id: CVE-2016-1343, date: 2016-04-30T10:59:04.643