Sign-up

ID

VAR-201607-0542


CVE

CVE-2016-1394


TITLE

Cisco FirePOWER system In software CLI Vulnerability for which access rights are acquired

Trust: 0.8

sources: JVNDB: JVNDB-2016-003422

DESCRIPTION

Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCuz56238. The following products are affected : Adaptive Security Appliance (ASA) 5500-X Series with FirePOWER Services Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances FirePOWER 7000 Series Appliances FirePOWER 8000 Series Appliances FirePOWER Threat Defense for Integrated Services Routers (ISRs) Virtual Next-Generation Intrusion Prevention System (NGIPSv) for VMware

Trust: 1.98

sources: NVD: CVE-2016-1394 // JVNDB: JVNDB-2016-003422 // BID: 91503 // VULHUB: VHN-90213

AFFECTED PRODUCTS

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.0.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.1

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:6.0.0

Trust: 1.6

vendor:ciscomodel:firesight system softwarescope:eqversion:6.1.0

Trust: 1.6

vendor:ciscomodel:firepower systemscope:eqversion:software 6.0.0 to 6.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2016-003422 // NVD: CVE-2016-1394 // CNNVD: CNNVD-201606-651

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2016-1394
value: HIGH

Trust: 1.8

CNNVD: CNNVD-201606-651
value: HIGH

Trust: 0.6

VULHUB: VHN-90213
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2016-1394
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-90213
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

NVD:
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.0

Trust: 1.0

NVD: CVE-2016-1394
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-90213 // JVNDB: JVNDB-2016-003422 // NVD: CVE-2016-1394 // CNNVD: CNNVD-201606-651

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-90213 // JVNDB: JVNDB-2016-003422 // NVD: CVE-2016-1394

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-651

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201606-651

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2016-1394

PATCH
title:cisco-sa-20160629-fpurl:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-fp
Trust: 0.8
title:Cisco Firepower System Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62560
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-003422 // 
            
            
            
            CNNVD: CNNVD-201606-651

EXTERNAL IDS
db:NVDid:CVE-2016-1394
Trust: 2.8
db:BIDid:91503
Trust: 1.4
db:JVNDBid:JVNDB-2016-003422
Trust: 0.8
db:CNNVDid:CNNVD-201606-651
Trust: 0.7
db:VULHUBid:VHN-90213
Trust: 0.1
sources:
            
            
            VULHUB: VHN-90213 // 
            
            
            
            BID: 91503 // 
            
            
            
            JVNDB: JVNDB-2016-003422 // 
            
            
            
            NVD: CVE-2016-1394 // 
            
            
            
            CNNVD: CNNVD-201606-651

REFERENCES
url:http://www.securityfocus.com/bid/91503
Trust: 1.1
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-fp
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1394
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1394
Trust: 0.8
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-fp/
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-90213 // 
            
            
            
            BID: 91503 // 
            
            
            
            JVNDB: JVNDB-2016-003422 // 
            
            
            
            NVD: CVE-2016-1394 // 
            
            
            
            CNNVD: CNNVD-201606-651

CREDITS
This vulnerability was found during internal system security testing.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201606-651

SOURCES
db:VULHUBid:VHN-90213
db:BIDid:91503
db:JVNDBid:JVNDB-2016-003422
db:NVDid:CVE-2016-1394
db:CNNVDid:CNNVD-201606-651

LAST UPDATE DATE
2023-12-18T13:53:11.370000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-90213date:2016-11-28T00:00:00
db:BIDid:91503date:2016-06-29T00:00:00
db:JVNDBid:JVNDB-2016-003422date:2016-07-07T00:00:00
db:NVDid:CVE-2016-1394date:2016-11-28T19:58:53.527
db:CNNVDid:CNNVD-201606-651date:2016-07-04T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-90213date:2016-07-03T00:00:00
db:BIDid:91503date:2016-06-29T00:00:00
db:JVNDBid:JVNDB-2016-003422date:2016-07-07T00:00:00
db:NVDid:CVE-2016-1394date:2016-07-03T01:59:02.860
db:CNNVDid:CNNVD-201606-651date:2016-06-30T00:00:00