Sign-up

ID

VAR-201606-0276


CVE

CVE-2016-1420


TITLE

Cisco Application Policy Infrastructure Controller In device software root Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2016-003094

DESCRIPTION

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. Vendors have confirmed this vulnerability Bug ID CSCuz72347 It is released as.By local users root Access rights may be obtained. A local attacker may exploit this issue to gain root privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCuz72347

Trust: 1.98

sources: NVD: CVE-2016-1420 // JVNDB: JVNDB-2016-003094 // BID: 91152 // VULHUB: VHN-90239

AFFECTED PRODUCTS

vendor:ciscomodel:application infrastructure controllerscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(1e\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(1k\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(1n\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(3n\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.1\(1j\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(4h\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.1\(0.920a\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(3i\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(3k\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(2m\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(3f\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.1\(3f\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(2j\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(1h\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controllerscope:eqversion:1.0\(4o\)

Trust: 1.0

vendor:ciscomodel:application policy infrastructure controller softwarescope:ltversion:1.3(2f)

Trust: 0.8

sources: JVNDB: JVNDB-2016-003094 // CNNVD: CNNVD-201606-223 // NVD: CVE-2016-1420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1420
value: HIGH

Trust: 1.0

NVD: CVE-2016-1420
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201606-223
value: HIGH

Trust: 0.6

VULHUB: VHN-90239
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1420
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90239
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1420
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90239 // JVNDB: JVNDB-2016-003094 // CNNVD: CNNVD-201606-223 // NVD: CVE-2016-1420

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-1420

THREAT TYPE

local

Trust: 0.9

sources: BID: 91152 // CNNVD: CNNVD-201606-223

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-223

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-003094

PATCH
title:cisco-sa-20160609-apicurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic
Trust: 0.8
title:Cisco Application Policy Infrastructure Controller Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62178
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-003094 // 
            
            
            
            CNNVD: CNNVD-201606-223

EXTERNAL IDS
db:NVDid:CVE-2016-1420
Trust: 2.8
db:JVNDBid:JVNDB-2016-003094
Trust: 0.8
db:CNNVDid:CNNVD-201606-223
Trust: 0.7
db:BIDid:91152
Trust: 0.3
db:VULHUBid:VHN-90239
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90239 // 
            
            
            
            BID: 91152 // 
            
            
            
            JVNDB: JVNDB-2016-003094 // 
            
            
            
            CNNVD: CNNVD-201606-223 // 
            
            
            
            NVD: CVE-2016-1420

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-apic
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1420
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1420
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-90239 // 
            
            
            
            BID: 91152 // 
            
            
            
            JVNDB: JVNDB-2016-003094 // 
            
            
            
            CNNVD: CNNVD-201606-223 // 
            
            
            
            NVD: CVE-2016-1420

CREDITS
Mgr. Lubomir Vesely of Aliter Technologies, a.s.
Trust: 0.3
sources:
            
            
            BID: 91152

SOURCES
db:VULHUBid:VHN-90239
db:BIDid:91152
db:JVNDBid:JVNDB-2016-003094
db:CNNVDid:CNNVD-201606-223
db:NVDid:CVE-2016-1420

LAST UPDATE DATE
2025-04-13T23:38:59.675000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90239date:2016-06-10T00:00:00
db:BIDid:91152date:2016-07-06T14:57:00
db:JVNDBid:JVNDB-2016-003094date:2016-06-14T00:00:00
db:CNNVDid:CNNVD-201606-223date:2016-06-12T00:00:00
db:NVDid:CVE-2016-1420date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-90239date:2016-06-10T00:00:00
db:BIDid:91152date:2016-06-09T00:00:00
db:JVNDBid:JVNDB-2016-003094date:2016-06-14T00:00:00
db:CNNVDid:CNNVD-201606-223date:2016-06-12T00:00:00
db:NVDid:CVE-2016-1420date:2016-06-10T01:59:05.037