ID

VAR-201607-0422


CVE

CVE-2016-1441


TITLE

Vulnerability in CNAP of Cisco Configuration Assistant that allows bypassing file system and management endpoint restrictions

Trust: 0.8

sources: JVNDB: JVNDB-2016-003423

DESCRIPTION

Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco Configuration Assistant (CCA) allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls, aka Bug ID CSCuy77145. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy77145. A third party may bypass file system and administrative endpoint restrictions via GET API calls. Cisco Configuration Assistant is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized access to the affected application. This may aid in further attacks. This issue is being tracked by Cisco bug ID CSCuy77145. Cisco CNAP release 1.0(0), which is part of Cisco Configuration Assistant (CCA), is affected. A security vulnerability exists in CNAP version 1.0(0) of Cisco CCA due to the lack of a controller mechanism and an input validation mechanism in the program.

Trust: 2.07

sources: NVD: CVE-2016-1441 // JVNDB: JVNDB-2016-003423 // BID: 91523 // VULHUB: VHN-90260 // VULMON: CVE-2016-1441

AFFECTED PRODUCTS

vendor: cisco, model: cloud network automation provisioner, scope: eq, version: 1.0(0)

Trust: 1.6

vendor: cisco, model: cloud network automation provisioner, scope: eq, version: 1.0(0)

Trust: 0.8

sources: JVNDB: JVNDB-2016-003423 // CNNVD: CNNVD-201606-676 // NVD: CVE-2016-1441

CVSS

SEVERITY

nvd@nist.gov: CVE-2016-1441
value: HIGH

Trust: 1.0

NVD: CVE-2016-1441
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201606-676
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90260
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-1441
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2016-1441
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-90260
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2016-1441
baseSeverity: HIGH
baseScore: 8.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90260 // VULMON: CVE-2016-1441 // JVNDB: JVNDB-2016-003423 // CNNVD: CNNVD-201606-676 // NVD: CVE-2016-1441

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-90260 // JVNDB: JVNDB-2016-003423 // NVD: CVE-2016-1441

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-676

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201606-676

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-003423

PATCH

title: cisco-sa-20160630-cca, url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160630-cca

Trust: 0.8

sources: JVNDB: JVNDB-2016-003423

EXTERNAL IDS

db: NVD, id: CVE-2016-1441

Trust: 2.9

db: BID, id: 91523

Trust: 1.5

db: JVNDB, id: JVNDB-2016-003423

Trust: 0.8

db: CNNVD, id: CNNVD-201606-676

Trust: 0.7

db: VULHUB, id: VHN-90260

Trust: 0.1

db: VULMON, id: CVE-2016-1441

Trust: 0.1

sources: VULHUB: VHN-90260 // VULMON: CVE-2016-1441 // BID: 91523 // JVNDB: JVNDB-2016-003423 // CNNVD: CNNVD-201606-676 // NVD: CVE-2016-1441

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160630-cca

Trust: 1.8

url:http://www.securityfocus.com/bid/91523

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1441

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1441

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-90260 // VULMON: CVE-2016-1441 // BID: 91523 // JVNDB: JVNDB-2016-003423 // CNNVD: CNNVD-201606-676 // NVD: CVE-2016-1441

CREDITS

Cisco

Trust: 0.3

sources: BID: 91523

SOURCES

db: VULHUB, id: VHN-90260
db: VULMON, id: CVE-2016-1441
db: BID, id: 91523
db: JVNDB, id: JVNDB-2016-003423
db: CNNVD, id: CNNVD-201606-676
db: NVD, id: CVE-2016-1441

LAST UPDATE DATE

2025-04-12T23:04:13.407000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-90260, date: 2016-11-28T00:00:00
db: VULMON, id: CVE-2016-1441, date: 2016-11-28T00:00:00
db: BID, id: 91523, date: 2016-06-30T00:00:00
db: JVNDB, id: JVNDB-2016-003423, date: 2016-07-07T00:00:00
db: CNNVD, id: CNNVD-201606-676, date: 2016-07-04T00:00:00
db: NVD, id: CVE-2016-1441, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-90260, date: 2016-07-03T00:00:00
db: VULMON, id: CVE-2016-1441, date: 2016-07-03T00:00:00
db: BID, id: 91523, date: 2016-06-30T00:00:00
db: JVNDB, id: JVNDB-2016-003423, date: 2016-07-07T00:00:00
db: CNNVD, id: CNNVD-201606-676, date: 2016-06-30T00:00:00
db: NVD, id: CVE-2016-1441, date: 2016-07-03T01:59:03.767