Sign-up

ID

VAR-201606-0433


CVE

CVE-2016-1397


TITLE

plural Cisco Device product firmware Web -Based management interface buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-003299

DESCRIPTION

Buffer overflow in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote authenticated users to cause a denial of service (device reload) via crafted configuration commands in an HTTP request, aka Bug ID CSCux82523. The Cisco RV130WWireless-N is a versatile VPN router; the Cisco RV110W/RV215W is a router that combines wired/wireless network connectivity, VPN, and firewall. Multiple Cisco Products are prone to a denial-of-service vulnerability. Attackers can exploit this issue to reload the affected device, denying service to legitimate users. This issue is being tracked by Cisco bug IDs CSCux82523, CSCux82531 and CSCux82536

Trust: 2.52

sources: NVD: CVE-2016-1397 // JVNDB: JVNDB-2016-003299 // CNVD: CNVD-2016-04094 // BID: 91216 // VULHUB: VHN-90216

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04094

AFFECTED PRODUCTS

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope:eqversion:1.0.1.3

Trust: 1.0

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion:1.2.0.14

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:eqversion:1.2.1.4

Trust: 1.0

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope:eqversion:1.0.2.7

Trust: 1.0

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion:1.1.0.5

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:eqversion:1.2.0.9

Trust: 1.0

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion:1.1.0.6

Trust: 1.0

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope:eqversion:1.0.0.21

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:eqversion:1.2.0.10

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:eqversion:1.1.0.9

Trust: 1.0

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion:1.2.0.15

Trust: 1.0

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion:1.3.0.7

Trust: 1.0

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:ltversion:1.2.1.7

Trust: 0.8

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope:ltversion:1.0.3.16

Trust: 0.8

vendor:ciscomodel:rv215w wireless-n vpn routerscope:ltversion:1.3.0.8

Trust: 0.8

vendor:ciscomodel:rv110w wireless-n vpn firewallscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv215w wireless-n vpn routerscope: - version: -

Trust: 0.6

vendor:ciscomodel:rv215w wireless-n vpn routerscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:rv130w wireless-n multifunction vpn routerscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:rv110w wireless-n vpn firewallscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-04094 // JVNDB: JVNDB-2016-003299 // NVD: CVE-2016-1397 // CNNVD: CNNVD-201606-366

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-1397
value: MEDIUM

Trust: 1.8

CNVD: CNVD-2016-04094
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-366
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90216
value: MEDIUM

Trust: 0.1

NVD:
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1397
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-04094
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90216
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: CVE-2016-1397
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-04094 // VULHUB: VHN-90216 // JVNDB: JVNDB-2016-003299 // NVD: CVE-2016-1397 // CNNVD: CNNVD-201606-366

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-90216 // JVNDB: JVNDB-2016-003299 // NVD: CVE-2016-1397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-366

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201606-366

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-1397

PATCH
title:cisco-sa-20160615-rv2url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-003299

EXTERNAL IDS
db:NVDid:CVE-2016-1397
Trust: 3.4
db:SECTRACKid:1036115
Trust: 1.1
db:JVNDBid:JVNDB-2016-003299
Trust: 0.8
db:CNNVDid:CNNVD-201606-366
Trust: 0.7
db:CNVDid:CNVD-2016-04094
Trust: 0.6
db:BIDid:91216
Trust: 0.3
db:VULHUBid:VHN-90216
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-04094 // 
            
            
            
            VULHUB: VHN-90216 // 
            
            
            
            BID: 91216 // 
            
            
            
            JVNDB: JVNDB-2016-003299 // 
            
            
            
            NVD: CVE-2016-1397 // 
            
            
            
            CNNVD: CNNVD-201606-366

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv2
Trust: 1.7
url:http://www.securitytracker.com/id/1036115
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1397
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1397
Trust: 0.8
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160615-rv2/
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2016-04094 // 
            
            
            
            VULHUB: VHN-90216 // 
            
            
            
            BID: 91216 // 
            
            
            
            JVNDB: JVNDB-2016-003299 // 
            
            
            
            NVD: CVE-2016-1397 // 
            
            
            
            CNNVD: CNNVD-201606-366

CREDITS
Cisco would like to thank security researcher Samuel Huntley for finding and reporting this vulnerability.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201606-366

SOURCES
db:CNVDid:CNVD-2016-04094
db:VULHUBid:VHN-90216
db:BIDid:91216
db:JVNDBid:JVNDB-2016-003299
db:NVDid:CVE-2016-1397
db:CNNVDid:CNNVD-201606-366

LAST UPDATE DATE
2023-12-18T12:44:51.345000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-04094date:2016-06-17T00:00:00
db:VULHUBid:VHN-90216date:2017-09-01T00:00:00
db:BIDid:91216date:2016-07-06T15:00:00
db:JVNDBid:JVNDB-2016-003299date:2016-06-22T00:00:00
db:NVDid:CVE-2016-1397date:2017-09-01T01:29:03.240
db:CNNVDid:CNNVD-201606-366date:2016-06-16T00:00:00

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-04094date:2016-06-17T00:00:00
db:VULHUBid:VHN-90216date:2016-06-19T00:00:00
db:BIDid:91216date:2016-06-15T00:00:00
db:JVNDBid:JVNDB-2016-003299date:2016-06-22T00:00:00
db:NVDid:CVE-2016-1397date:2016-06-19T01:59:05.107
db:CNNVDid:CNNVD-201606-366date:2016-06-16T00:00:00