ID

VAR-201607-0418


CVE

CVE-2016-1416


TITLE

Vulnerability in Cisco Prime Collaboration Provisioning that allows administrator privileges to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-003419

DESCRIPTION

Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. The vendor has confirmed this vulnerability and released it as Bug ID CSCuv37513. A third party could gain administrative privileges through a crafted login attempt. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCuv37513. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.

Trust: 1.98

sources: NVD: CVE-2016-1416 // JVNDB: JVNDB-2016-003419 // BID: 91505 // VULHUB: VHN-90235

AFFECTED PRODUCTS

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6.2

Trust: 1.6

vendor: cisco, model: prime collaboration provisioning, scope: eq, version: 10.6 sp2 (10.6.0.10602)

Trust: 0.8

sources: JVNDB: JVNDB-2016-003419 // NVD: CVE-2016-1416 // CNNVD: CNNVD-201606-652

CVSS

SEVERITY

NVD: CVE-2016-1416
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-201606-652
value: CRITICAL

Trust: 0.6

VULHUB: VHN-90235
value: HIGH

Trust: 0.1

CVSSV2

NVD:
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1416
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90235
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: CVE-2016-1416
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90235 // JVNDB: JVNDB-2016-003419 // NVD: CVE-2016-1416 // CNNVD: CNNVD-201606-652

PROBLEMTYPE DATA

problemtype: CWE-264

Trust: 1.9

sources: VULHUB: VHN-90235 // JVNDB: JVNDB-2016-003419 // NVD: CVE-2016-1416

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-652

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201606-652

CONFIGURATIONS

sources: NVD: CVE-2016-1416

PATCH

title: cisco-sa-20160629-cpcpauthbypass, url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-cpcpauthbypass

Trust: 0.8

title: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62561

Trust: 0.6

sources: JVNDB: JVNDB-2016-003419 // CNNVD: CNNVD-201606-652

EXTERNAL IDS

db: NVD, id: CVE-2016-1416

Trust: 2.8

db: BID, id: 91505

Trust: 1.4

db: SECTRACK, id: 1036212

Trust: 1.1

db: JVNDB, id: JVNDB-2016-003419

Trust: 0.8

db: CNNVD, id: CNNVD-201606-652

Trust: 0.7

db: VULHUB, id: VHN-90235

Trust: 0.1

sources: VULHUB: VHN-90235 // BID: 91505 // JVNDB: JVNDB-2016-003419 // NVD: CVE-2016-1416 // CNNVD: CNNVD-201606-652

REFERENCES

url: http://www.securityfocus.com/bid/91505

Trust: 1.1

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-cpcpauthbypass

Trust: 1.1

url: http://www.securitytracker.com/id/1036212

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1416

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1416

Trust: 0.8

url: http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-cpcpauthbypass/

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90235 // BID: 91505 // JVNDB: JVNDB-2016-003419 // NVD: CVE-2016-1416 // CNNVD: CNNVD-201606-652

CREDITS

This vulnerability was found during the resolution of a support case.

Trust: 0.6

sources: CNNVD: CNNVD-201606-652

SOURCES

db: VULHUB, id: VHN-90235
db: BID, id: 91505
db: JVNDB, id: JVNDB-2016-003419
db: NVD, id: CVE-2016-1416
db: CNNVD, id: CNNVD-201606-652

LAST UPDATE DATE

2023-12-18T12:29:56.503000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90235, date: 2017-09-01T00:00:00
db: BID, id: 91505, date: 2016-06-29T00:00:00
db: JVNDB, id: JVNDB-2016-003419, date: 2016-07-06T00:00:00
db: NVD, id: CVE-2016-1416, date: 2017-09-01T01:29:03.413
db: CNNVD, id: CNNVD-201606-652, date: 2016-07-04T00:00:00

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90235, date: 2016-07-02T00:00:00
db: BID, id: 91505, date: 2016-06-29T00:00:00
db: JVNDB, id: JVNDB-2016-003419, date: 2016-07-06T00:00:00
db: NVD, id: CVE-2016-1416, date: 2016-07-02T14:59:08.367
db: CNNVD, id: CNNVD-201606-652, date: 2016-06-30T00:00:00