Details of VAR-201604-0563

ID

VAR-201604-0563

CVE

CVE-2016-1386

TITLE

Cisco Application Policy Infrastructure Controller Enterprise Module API Vulnerabilities in which management notifications are forged

Trust: 0.8

sources: JVNDB: JVNDB-2016-002412

DESCRIPTION

The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. Vendors have confirmed this vulnerability Bug ID CSCux15521 It is released as.A third party may be able to forge management notifications through crafted attribute / value pairs. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCux15521. Cisco APIC-EM release 1.0(1) is vulnerable; other versions may also be affected. A security vulnerability exists in the Cisco APIC-EM version 1.0(1) API

Trust: 1.98

sources: NVD: CVE-2016-1386 // JVNDB: JVNDB-2016-002412 // BID: 89333 // VULHUB: VHN-90205

AFFECTED PRODUCTS

vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	eq	version:	1.0.\(1\)	Trust: 1.6
vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	eq	version:	1.0(1)	Trust: 0.8

sources: JVNDB: JVNDB-2016-002412 // CNNVD: CNNVD-201604-622 // NVD: CVE-2016-1386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1386
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1386
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201604-622
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90205
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1386
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90205
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1386
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90205 // JVNDB: JVNDB-2016-002412 // CNNVD: CNNVD-201604-622 // NVD: CVE-2016-1386

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-90205 // JVNDB: JVNDB-2016-002412 // NVD: CVE-2016-1386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-622

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201604-622

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002412

PATCH

title:	cisco-sa-20160428-apic	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic	Trust: 0.8
title:	Cisco Application Policy Infrastructure Controller Enterprise Module Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61305	Trust: 0.6

sources: JVNDB: JVNDB-2016-002412 // CNNVD: CNNVD-201604-622

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1386	Trust: 2.8
db:	SECTRACK	id:	1035702	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-002412	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-622	Trust: 0.7
db:	BID	id:	89333	Trust: 0.3
db:	VULHUB	id:	VHN-90205	Trust: 0.1

sources: VULHUB: VHN-90205 // BID: 89333 // JVNDB: JVNDB-2016-002412 // CNNVD: CNNVD-201604-622 // NVD: CVE-2016-1386

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160428-apic	Trust: 2.0
url:	http://www.securitytracker.com/id/1035702	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1386	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1386	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90205 // BID: 89333 // JVNDB: JVNDB-2016-002412 // CNNVD: CNNVD-201604-622 // NVD: CVE-2016-1386

CREDITS

Cisco

Trust: 0.3

sources: BID: 89333

SOURCES

db:	VULHUB	id:	VHN-90205
db:	BID	id:	89333
db:	JVNDB	id:	JVNDB-2016-002412
db:	CNNVD	id:	CNNVD-201604-622
db:	NVD	id:	CVE-2016-1386

LAST UPDATE DATE

2025-04-12T23:19:36.522000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90205	date:	2016-12-03T00:00:00
db:	BID	id:	89333	date:	2016-07-06T14:34:00
db:	JVNDB	id:	JVNDB-2016-002412	date:	2016-05-06T00:00:00
db:	CNNVD	id:	CNNVD-201604-622	date:	2016-04-29T00:00:00
db:	NVD	id:	CVE-2016-1386	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90205	date:	2016-04-28T00:00:00
db:	BID	id:	89333	date:	2016-04-28T00:00:00
db:	JVNDB	id:	JVNDB-2016-002412	date:	2016-05-06T00:00:00
db:	CNNVD	id:	CNNVD-201604-622	date:	2016-04-29T00:00:00
db:	NVD	id:	CVE-2016-1386	date:	2016-04-28T22:59:00.147