ID

VAR-201608-0243


CVE

CVE-2016-1477


TITLE

Cisco Connected Streaming Analytics vulnerability allowing disclosure of the notification service password

Trust: 0.8

sources: JVNDB: JVNDB-2016-004440

DESCRIPTION

Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated users to discover a notification service password by reading administrative pages, aka Bug ID CSCuz92891. Attackers can exploit this issue to gain unauthorized access to the affected device, which may aid in further attacks. Cisco Connected Streaming Analytics is a platform that provides functions such as rapid detection of problems and risks, immediate decision-making, real-time reporting and early warning. A remote attacker could exploit this vulnerability by reading the administrator page to discover the server password.

Trust: 1.98

sources: NVD: CVE-2016-1477 // JVNDB: JVNDB-2016-004440 // BID: 92398 // VULHUB: VHN-90296

AFFECTED PRODUCTS

vendor: cisco // model: connected streaming analytics // scope: eq // version: 1.1.1_base

Trust: 1.6

vendor: cisco // model: connected streaming analytics // scope: eq // version: 1.1.1

Trust: 0.8

vendor: cisco // model: connected streaming analytic // scope: eq // version: 1.1

Trust: 0.3

sources: BID: 92398 // JVNDB: JVNDB-2016-004440 // CNNVD: CNNVD-201608-221 // NVD: CVE-2016-1477

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1477
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-1477
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201608-221
value: MEDIUM

Trust: 0.6

VULHUB: VHN-90296
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1477
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-90296
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1477
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-90296 // JVNDB: JVNDB-2016-004440 // CNNVD: CNNVD-201608-221 // NVD: CVE-2016-1477

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-90296 // JVNDB: JVNDB-2016-004440 // NVD: CVE-2016-1477

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-221

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201608-221

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004440

PATCH

title: cisco-sa-20160810-csa // url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-csa

Trust: 0.8

title: Cisco Connected Streaming Analytics Fixes for unauthorized access vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63610

Trust: 0.6

sources: JVNDB: JVNDB-2016-004440 // CNNVD: CNNVD-201608-221

EXTERNAL IDS

db: NVD // id: CVE-2016-1477

Trust: 2.8

db: BID // id: 92398

Trust: 2.0

db: JVNDB // id: JVNDB-2016-004440

Trust: 0.8

db: CNNVD // id: CNNVD-201608-221

Trust: 0.7

db: VULHUB // id: VHN-90296

Trust: 0.1

sources: VULHUB: VHN-90296 // BID: 92398 // JVNDB: JVNDB-2016-004440 // CNNVD: CNNVD-201608-221 // NVD: CVE-2016-1477

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160810-csa

Trust: 2.0

url:http://www.securityfocus.com/bid/92398

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1477

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1477

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-90296 // BID: 92398 // JVNDB: JVNDB-2016-004440 // CNNVD: CNNVD-201608-221 // NVD: CVE-2016-1477

CREDITS

Robert Foggia of Trustwave, Intelligence Team, SpiderLabs.

Trust: 0.9

sources: BID: 92398 // CNNVD: CNNVD-201608-221

SOURCES

db: VULHUB // id: VHN-90296
db: BID // id: 92398
db: JVNDB // id: JVNDB-2016-004440
db: CNNVD // id: CNNVD-201608-221
db: NVD // id: CVE-2016-1477

LAST UPDATE DATE

2025-04-13T23:41:17.337000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-90296 // date: 2016-11-28T00:00:00
db: BID // id: 92398 // date: 2016-08-10T00:00:00
db: JVNDB // id: JVNDB-2016-004440 // date: 2016-08-24T00:00:00
db: CNNVD // id: CNNVD-201608-221 // date: 2016-08-24T00:00:00
db: NVD // id: CVE-2016-1477 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-90296 // date: 2016-08-23T00:00:00
db: BID // id: 92398 // date: 2016-08-10T00:00:00
db: JVNDB // id: JVNDB-2016-004440 // date: 2016-08-24T00:00:00
db: CNNVD // id: CNNVD-201608-221 // date: 2016-08-11T00:00:00
db: NVD // id: CVE-2016-1477 // date: 2016-08-23T02:10:20.237