ID

VAR-201606-0276


CVE

CVE-2016-1420


TITLE

Vulnerability in Cisco Application Policy Infrastructure Controller device software that allows root access to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-003094

DESCRIPTION

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz72347. Local users may obtain root access. A local attacker may exploit this issue to gain root privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCuz72347.

Trust: 1.98

sources: NVD: CVE-2016-1420 // JVNDB: JVNDB-2016-003094 // BID: 91152 // VULHUB: VHN-90239

AFFECTED PRODUCTS

vendor: cisco, model: application infrastructure controller, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.1(0.920a)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(1h)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.1(1j)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(3i)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(3k)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(2j)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(2m)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(1e)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(4h)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(3n)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(4o)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.1(3f)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(3f)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(1n)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.0(1k)

Trust: 1.0

vendor: cisco, model: application policy infrastructure controller software, scope: lt, version: 1.3(2f)

Trust: 0.8

sources: JVNDB: JVNDB-2016-003094 // NVD: CVE-2016-1420 // CNNVD: CNNVD-201606-223

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-1420
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201606-223
value: HIGH

Trust: 0.6

VULHUB: VHN-90239
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1420
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90239
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-1420
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90239 // JVNDB: JVNDB-2016-003094 // NVD: CVE-2016-1420 // CNNVD: CNNVD-201606-223

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2016-1420

THREAT TYPE

local

Trust: 0.9

sources: BID: 91152 // CNNVD: CNNVD-201606-223

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201606-223

CONFIGURATIONS

sources: NVD: CVE-2016-1420

PATCH

title: cisco-sa-20160609-apic, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-apic

Trust: 0.8

title: Cisco Application Policy Infrastructure Controller Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62178

Trust: 0.6

sources: JVNDB: JVNDB-2016-003094 // CNNVD: CNNVD-201606-223

EXTERNAL IDS

db: NVD, id: CVE-2016-1420

Trust: 2.8

db: JVNDB, id: JVNDB-2016-003094

Trust: 0.8

db: CNNVD, id: CNNVD-201606-223

Trust: 0.7

db: BID, id: 91152

Trust: 0.3

db: VULHUB, id: VHN-90239

Trust: 0.1

sources: VULHUB: VHN-90239 // BID: 91152 // JVNDB: JVNDB-2016-003094 // NVD: CVE-2016-1420 // CNNVD: CNNVD-201606-223

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-apic

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1420

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1420

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90239 // BID: 91152 // JVNDB: JVNDB-2016-003094 // NVD: CVE-2016-1420 // CNNVD: CNNVD-201606-223

CREDITS

Mgr. Lubomir Vesely of Aliter Technologies, a.s.

Trust: 0.3

sources: BID: 91152

SOURCES

db: VULHUB, id: VHN-90239
db: BID, id: 91152
db: JVNDB, id: JVNDB-2016-003094
db: NVD, id: CVE-2016-1420
db: CNNVD, id: CNNVD-201606-223

LAST UPDATE DATE

2023-12-18T12:20:29.295000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90239, date: 2016-06-10T00:00:00
db: BID, id: 91152, date: 2016-07-06T14:57:00
db: JVNDB, id: JVNDB-2016-003094, date: 2016-06-14T00:00:00
db: NVD, id: CVE-2016-1420, date: 2016-06-10T21:31:34.490
db: CNNVD, id: CNNVD-201606-223, date: 2016-06-12T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90239, date: 2016-06-10T00:00:00
db: BID, id: 91152, date: 2016-06-09T00:00:00
db: JVNDB, id: JVNDB-2016-003094, date: 2016-06-14T00:00:00
db: NVD, id: CVE-2016-1420, date: 2016-06-10T01:59:05.037
db: CNNVD, id: CNNVD-201606-223, date: 2016-06-12T00:00:00