Details of VAR-201606-0274

ID

VAR-201606-0274

CVE

CVE-2016-1418

TITLE

plural Cisco Aironet In access point software Linux of root Vulnerability to gain access

Trust: 0.8

sources: JVNDB: JVNDB-2016-003088

DESCRIPTION

Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug ID CSCuy64037. The Cisco Aironet 1800/2800/3800 Series AccessPoint is a small to medium wireless network access point product. A security vulnerability exists in the command line interpreter for Cisco Aironet 1800/2800/3800 Series AccessPoint. This issue being tracked by Cisco Bug ID CSCuy64037

Trust: 2.52

sources: NVD: CVE-2016-1418 // JVNDB: JVNDB-2016-003088 // CNVD: CNVD-2016-03858 // BID: 91040 // VULHUB: VHN-90237

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-03858

AFFECTED PRODUCTS

vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.2_\(100.0\)	Trust: 1.0
vendor:	cisco	model:	aironet access point software	scope:	eq	version:	8.2(100.0)	Trust: 0.8
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	3800	Trust: 0.6
vendor:	cisco	model:	aironet series access points	scope:	eq	version:	28008.2(100.0)	Trust: 0.6
vendor:	cisco	model:	aironet 1850i access point	scope:	eq	version:	8.2(100.0)	Trust: 0.6
vendor:	cisco	model:	aironet 1850e access point	scope:	eq	version:	8.2(100.0)	Trust: 0.6
vendor:	cisco	model:	aironet 1830i access point	scope:	eq	version:	8.2(100.0)	Trust: 0.6
vendor:	cisco	model:	aironet 1830e access point	scope:	eq	version:	8.2(100.0)	Trust: 0.6
vendor:	cisco	model:	aironet 2800	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1830e	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1850e	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1850i	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 1830i	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	aironet 3800	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-03858 // JVNDB: JVNDB-2016-003088 // NVD: CVE-2016-1418 // CNNVD: CNNVD-201606-152

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-1418
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2016-03858
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201606-152
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90237
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-1418
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-03858
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.1
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-90237
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2016-1418
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-03858 // VULHUB: VHN-90237 // JVNDB: JVNDB-2016-003088 // NVD: CVE-2016-1418 // CNNVD: CNNVD-201606-152

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90237 // JVNDB: JVNDB-2016-003088 // NVD: CVE-2016-1418

THREAT TYPE

local

Trust: 0.9

sources: BID: 91040 // CNNVD: CNNVD-201606-152

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201606-152

CONFIGURATIONS

sources: NVD: CVE-2016-1418

PATCH

title:	cisco-sa-20160606-aap	url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160606-aap	Trust: 0.8
title:	CiscoAironetAccessPoints command to inject vulnerability patches	url:	https://www.cnvd.org.cn/patchinfo/show/77142	Trust: 0.6
title:	Cisco Aironet Access Point Software Enter the fix for the verification vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62117	Trust: 0.6

sources: CNVD: CNVD-2016-03858 // JVNDB: JVNDB-2016-003088 // CNNVD: CNNVD-201606-152

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1418	Trust: 3.4
db:	SECTRACK	id:	1036042	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-003088	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-152	Trust: 0.7
db:	CNVD	id:	CNVD-2016-03858	Trust: 0.6
db:	AUSCERT	id:	ESB-2016.1427	Trust: 0.6
db:	BID	id:	91040	Trust: 0.4
db:	VULHUB	id:	VHN-90237	Trust: 0.1

sources: CNVD: CNVD-2016-03858 // VULHUB: VHN-90237 // BID: 91040 // JVNDB: JVNDB-2016-003088 // NVD: CVE-2016-1418 // CNNVD: CNNVD-201606-152

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160606-aap	Trust: 2.3
url:	http://www.securitytracker.com/id/1036042	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1418	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1418	Trust: 0.8
url:	http://www.auscert.org.au/./render.html?it=35486	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2016-03858 // VULHUB: VHN-90237 // BID: 91040 // JVNDB: JVNDB-2016-003088 // NVD: CVE-2016-1418 // CNNVD: CNNVD-201606-152

CREDITS

Cisco

Trust: 0.6

sources: CNNVD: CNNVD-201606-152

SOURCES

db:	CNVD	id:	CNVD-2016-03858
db:	VULHUB	id:	VHN-90237
db:	BID	id:	91040
db:	JVNDB	id:	JVNDB-2016-003088
db:	NVD	id:	CVE-2016-1418
db:	CNNVD	id:	CNNVD-201606-152

LAST UPDATE DATE

2023-12-18T13:34:25.807000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-03858	date:	2016-06-08T00:00:00
db:	VULHUB	id:	VHN-90237	date:	2016-06-15T00:00:00
db:	BID	id:	91040	date:	2016-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-003088	date:	2016-06-13T00:00:00
db:	NVD	id:	CVE-2016-1418	date:	2016-06-15T18:42:45.127
db:	CNNVD	id:	CNNVD-201606-152	date:	2016-06-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-03858	date:	2016-06-08T00:00:00
db:	VULHUB	id:	VHN-90237	date:	2016-06-08T00:00:00
db:	BID	id:	91040	date:	2016-06-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-003088	date:	2016-06-13T00:00:00
db:	NVD	id:	CVE-2016-1418	date:	2016-06-08T14:59:14.153
db:	CNNVD	id:	CNNVD-201606-152	date:	2016-06-07T00:00:00