ID

VAR-201606-0277


CVE

CVE-2016-1421


TITLE

Denial of Service (DoS) Vulnerability in the Web Application of Cisco IP Phone 8800 Devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-003095

DESCRIPTION

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. The vendor has confirmed this vulnerability and published it as Bug ID CSCuz03034. A third party may be able to cause a service disruption (out-of-bounds memory access and a stop of the web server) through a crafted request. The Cisco IP8800 Series Phones are digital phone system products. The web application of the Cisco IP8800 Series Phones does not properly check the size of the input data. Due to the nature of this issue arbitrary code execution may be possible, but this has not been confirmed. This issue is being tracked by Cisco bug ID CSCuz03034. Cisco IP 8800 is a set of telephone products provided by Cisco in the United States that provides video and VoIP communication functions.

Trust: 2.52

sources: NVD: CVE-2016-1421 // JVNDB: JVNDB-2016-003095 // CNVD: CNVD-2016-03957 // BID: 91134 // VULHUB: VHN-90240

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03957

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0\(1\)

Trust: 1.0

vendor: cisco, model: ip phone 8800 series, scope: eq, version: 11.0(1)

Trust: 0.8

vendor: cisco, model: ip phone, scope: eq, version: 880011.0(1)

Trust: 0.6

vendor: cisco, model: ip phone, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2016-03957 // JVNDB: JVNDB-2016-003095 // NVD: CVE-2016-1421 // CNNVD: CNNVD-201606-224

CVSS

SEVERITY

NVD: CVE-2016-1421
value: HIGH

Trust: 1.8

CNVD: CNVD-2016-03957
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-224
value: HIGH

Trust: 0.6

VULHUB: VHN-90240
value: MEDIUM

Trust: 0.1

CVSSV2

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1421
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-03957
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90240
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-1421
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03957 // VULHUB: VHN-90240 // JVNDB: JVNDB-2016-003095 // NVD: CVE-2016-1421 // CNNVD: CNNVD-201606-224

PROBLEMTYPE DATA

problemtype: CWE-119

Trust: 1.9

sources: VULHUB: VHN-90240 // JVNDB: JVNDB-2016-003095 // NVD: CVE-2016-1421

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-224

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201606-224

CONFIGURATIONS

sources: NVD: CVE-2016-1421

PATCH

title: cisco-sa-20160609-ipp, url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-ipp

Trust: 0.8

title: Cisco IP8800 Device Web Application Denial of Service Vulnerability Patch, url: https://www.cnvd.org.cn/patchinfo/show/77314

Trust: 0.6

title: Cisco IP 8800 Buffer Overflow Vulnerability Fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62179

Trust: 0.6

sources: CNVD: CNVD-2016-03957 // JVNDB: JVNDB-2016-003095 // CNNVD: CNNVD-201606-224

EXTERNAL IDS

db: NVD, id: CVE-2016-1421

Trust: 3.4

db: TENABLE, id: TRA-2020-24

Trust: 1.7

db: JVNDB, id: JVNDB-2016-003095

Trust: 0.8

db: CNNVD, id: CNNVD-201606-224

Trust: 0.7

db: CNVD, id: CNVD-2016-03957

Trust: 0.6

db: BID, id: 91134

Trust: 0.3

db: VULHUB, id: VHN-90240

Trust: 0.1

sources: CNVD: CNVD-2016-03957 // VULHUB: VHN-90240 // BID: 91134 // JVNDB: JVNDB-2016-003095 // NVD: CVE-2016-1421 // CNNVD: CNNVD-201606-224

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-ipp

Trust: 3.4

url: https://www.tenable.com/security/research/tra-2020-24

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1421

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1421

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2016-03957 // VULHUB: VHN-90240 // BID: 91134 // JVNDB: JVNDB-2016-003095 // NVD: CVE-2016-1421 // CNNVD: CNNVD-201606-224

CREDITS

Cisco

Trust: 0.3

sources: BID: 91134

SOURCES

db: CNVD, id: CNVD-2016-03957
db: VULHUB, id: VHN-90240
db: BID, id: 91134
db: JVNDB, id: JVNDB-2016-003095
db: NVD, id: CVE-2016-1421
db: CNNVD, id: CNNVD-201606-224

LAST UPDATE DATE

2023-12-18T14:05:57.203000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-03957, date: 2016-06-13T00:00:00
db: VULHUB, id: VHN-90240, date: 2020-04-16T00:00:00
db: BID, id: 91134, date: 2016-07-06T14:57:00
db: JVNDB, id: JVNDB-2016-003095, date: 2016-06-14T00:00:00
db: NVD, id: CVE-2016-1421, date: 2020-04-16T17:15:11.520
db: CNNVD, id: CNNVD-201606-224, date: 2020-04-17T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-03957, date: 2016-06-13T00:00:00
db: VULHUB, id: VHN-90240, date: 2016-06-10T00:00:00
db: BID, id: 91134, date: 2016-06-09T00:00:00
db: JVNDB, id: JVNDB-2016-003095, date: 2016-06-14T00:00:00
db: NVD, id: CVE-2016-1421, date: 2016-06-10T01:59:06.037
db: CNNVD, id: CNNVD-201606-224, date: 2016-06-12T00:00:00