ID

VAR-201605-0551


CVE

CVE-2016-1393


TITLE

SQL Injection Vulnerability in Cisco Cloud Network Automation Provisioner

Trust: 0.8

sources: JVNDB: JVNDB-2016-002714

DESCRIPTION

SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue is being tracked by Cisco Bug ID CSCuy72175.

Trust: 1.98

sources: NVD: CVE-2016-1393 // JVNDB: JVNDB-2016-002714 // BID: 90519 // VULHUB: VHN-90212

AFFECTED PRODUCTS

vendor: cisco, model: cloud network automation provisioner, scope: eq, version: 1.0

Trust: 2.4

vendor: cisco, model: cloud network automation provisioner, scope: eq, version: 1.1

Trust: 2.4

sources: JVNDB: JVNDB-2016-002714 // CNNVD: CNNVD-201605-202 // NVD: CVE-2016-1393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1393
value: HIGH

Trust: 1.0

NVD: CVE-2016-1393
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201605-202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90212
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1393
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90212
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1393
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90212 // JVNDB: JVNDB-2016-002714 // CNNVD: CNNVD-201605-202 // NVD: CVE-2016-1393

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-90212 // JVNDB: JVNDB-2016-002714 // NVD: CVE-2016-1393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-202

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201605-202

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002714

PATCH

title: cisco-sa-20160510-cnap, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160510-cnap

Trust: 0.8

title: Cisco Cloud Network Automation Provisioner SQL Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61520

Trust: 0.6

sources: JVNDB: JVNDB-2016-002714 // CNNVD: CNNVD-201605-202

EXTERNAL IDS

db: NVD, id: CVE-2016-1393

Trust: 2.8

db: BID, id: 90519

Trust: 1.4

db: JVNDB, id: JVNDB-2016-002714

Trust: 0.8

db: CNNVD, id: CNNVD-201605-202

Trust: 0.7

db: VULHUB, id: VHN-90212

Trust: 0.1

sources: VULHUB: VHN-90212 // BID: 90519 // JVNDB: JVNDB-2016-002714 // CNNVD: CNNVD-201605-202 // NVD: CVE-2016-1393

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160510-cnap

Trust: 1.7

url: http://www.securityfocus.com/bid/90519

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1393

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1393

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90212 // BID: 90519 // JVNDB: JVNDB-2016-002714 // CNNVD: CNNVD-201605-202 // NVD: CVE-2016-1393

CREDITS

Cisco

Trust: 0.3

sources: BID: 90519

SOURCES

db: VULHUB, id: VHN-90212
db: BID, id: 90519
db: JVNDB, id: JVNDB-2016-002714
db: CNNVD, id: CNNVD-201605-202
db: NVD, id: CVE-2016-1393

LAST UPDATE DATE

2025-04-13T23:17:55.385000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90212, date: 2016-11-28T00:00:00
db: BID, id: 90519, date: 2016-07-06T14:37:00
db: JVNDB, id: JVNDB-2016-002714, date: 2016-05-18T00:00:00
db: CNNVD, id: CNNVD-201605-202, date: 2016-05-13T00:00:00
db: NVD, id: CVE-2016-1393, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90212, date: 2016-05-12T00:00:00
db: BID, id: 90519, date: 2016-05-10T00:00:00
db: JVNDB, id: JVNDB-2016-002714, date: 2016-05-18T00:00:00
db: CNNVD, id: CNNVD-201605-202, date: 2016-05-11T00:00:00
db: NVD, id: CVE-2016-1393, date: 2016-05-12T01:59:10.590