Details of VAR-201606-0430

ID

VAR-201606-0430

CVE

CVE-2016-1391

TITLE

Cisco Prime Network Analysis Module and Prime Virtual Network Analysis Module In any OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003022

DESCRIPTION

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) allow remote authenticated users to execute arbitrary OS commands via a crafted HTTP request, aka Bug ID CSCuy21889. Vendors have confirmed this vulnerability Bug ID CSCuy21889 It is released as.Skillfully crafted by a third party HTTP Any via request OS The command may be executed. Multiple Cisco products are are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code on the affected system. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCuy21889

Trust: 1.98

sources: NVD: CVE-2016-1391 // JVNDB: JVNDB-2016-003022 // BID: 90983 // VULHUB: VHN-90210

AFFECTED PRODUCTS

vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	5.1.0	Trust: 1.6
vendor:	cisco	model:	prime virtual network analysis module software	scope:	eq	version:	6.2.0	Trust: 1.6
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	6.0.2	Trust: 1.6
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	6.1.1	Trust: 1.6
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	cisco	model:	prime virtual network analysis module software	scope:	eq	version:	6.1.0	Trust: 1.6
vendor:	cisco	model:	prime virtual network analysis module software	scope:	eq	version:	6.2.1	Trust: 1.6
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	5.1.2	Trust: 1.6
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	6.2.0	Trust: 1.6
vendor:	cisco	model:	prime virtual network analysis module software	scope:	eq	version:	6.0.0	Trust: 1.6
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	5.0.2	Trust: 1.0
vendor:	cisco	model:	prime virtual network analysis module software	scope:	lt	version:	6.2.x	Trust: 0.8
vendor:	cisco	model:	prime network analysis module software	scope:	eq	version:	6.2(2)	Trust: 0.8
vendor:	cisco	model:	prime virtual network analysis module software	scope:	eq	version:	6.2(2)	Trust: 0.8
vendor:	cisco	model:	prime network analysis module software	scope:	lt	version:	6.2.x	Trust: 0.8

sources: JVNDB: JVNDB-2016-003022 // CNNVD: CNNVD-201606-007 // NVD: CVE-2016-1391

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1391
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1391
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201606-007
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90210
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1391
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90210
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1391
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-1391
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-90210 // JVNDB: JVNDB-2016-003022 // CNNVD: CNNVD-201606-007 // NVD: CVE-2016-1391

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90210 // JVNDB: JVNDB-2016-003022 // NVD: CVE-2016-1391

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-007

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201606-007

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003022

PATCH

title:	cisco-sa-20160601-prime2	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime2	Trust: 0.8
title:	Cisco Prime Network Analysis Module and Cisco Prime Virtual Network Analysis Module Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62033	Trust: 0.6

sources: JVNDB: JVNDB-2016-003022 // CNNVD: CNNVD-201606-007

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1391	Trust: 2.8
db:	SECTRACK	id:	1036014	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-003022	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-007	Trust: 0.7
db:	BID	id:	90983	Trust: 0.4
db:	VULHUB	id:	VHN-90210	Trust: 0.1

sources: VULHUB: VHN-90210 // BID: 90983 // JVNDB: JVNDB-2016-003022 // CNNVD: CNNVD-201606-007 // NVD: CVE-2016-1391

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160601-prime2	Trust: 1.7
url:	http://www.securitytracker.com/id/1036014	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1391	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1391	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-90210 // BID: 90983 // JVNDB: JVNDB-2016-003022 // CNNVD: CNNVD-201606-007 // NVD: CVE-2016-1391

CREDITS

Daniel Jensen of Security-Assessment.com

Trust: 0.6

sources: CNNVD: CNNVD-201606-007

SOURCES

db:	VULHUB	id:	VHN-90210
db:	BID	id:	90983
db:	JVNDB	id:	JVNDB-2016-003022
db:	CNNVD	id:	CNNVD-201606-007
db:	NVD	id:	CVE-2016-1391

LAST UPDATE DATE

2025-04-13T23:14:16.180000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90210	date:	2017-08-08T00:00:00
db:	BID	id:	90983	date:	2016-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-003022	date:	2016-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201606-007	date:	2021-09-10T00:00:00
db:	NVD	id:	CVE-2016-1391	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90210	date:	2016-06-04T00:00:00
db:	BID	id:	90983	date:	2016-06-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-003022	date:	2016-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201606-007	date:	2016-06-02T00:00:00
db:	NVD	id:	CVE-2016-1391	date:	2016-06-04T01:59:03.897