Details of VAR-201608-0311

ID

VAR-201608-0311

CVE

CVE-2016-1365

TITLE

Cisco Application Policy Infrastructure Controller Enterprise In module root Vulnerability to execute arbitrary commands with privileges

Trust: 0.8

sources: JVNDB: JVNDB-2016-004411

DESCRIPTION

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507. An attacker can exploit this issue to execute arbitrary code on the affected system with root privileges. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCux15507

Trust: 2.07

sources: NVD: CVE-2016-1365 // JVNDB: JVNDB-2016-004411 // BID: 92507 // VULHUB: VHN-90184 // VULMON: CVE-2016-1365

AFFECTED PRODUCTS

vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	eq	version:	1.0.10	Trust: 1.6
vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	eq	version:	1.0	Trust: 1.1
vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	eq	version:	1.1	Trust: 0.8
vendor:	cisco	model:	application policy infrastructure controller enterprise module	scope:	ne	version:	1.1	Trust: 0.3

sources: BID: 92507 // JVNDB: JVNDB-2016-004411 // CNNVD: CNNVD-201608-337 // NVD: CVE-2016-1365

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1365
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1365
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201608-337
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90184
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-1365
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-1365
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-90184
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:M/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.8
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1365
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-90184 // VULMON: CVE-2016-1365 // JVNDB: JVNDB-2016-004411 // CNNVD: CNNVD-201608-337 // NVD: CVE-2016-1365

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-90184 // JVNDB: JVNDB-2016-004411 // NVD: CVE-2016-1365

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-337

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201608-337

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004411

PATCH

title:	cisco-sa-20160817-apic	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic	Trust: 0.8
title:	Cisco Application Policy Infrastructure Controller Enterprise Module Fixes for remote code execution vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63703	Trust: 0.6
title:	Cisco: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20160817-apic	Trust: 0.1

sources: VULMON: CVE-2016-1365 // JVNDB: JVNDB-2016-004411 // CNNVD: CNNVD-201608-337

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1365	Trust: 2.9
db:	BID	id:	92507	Trust: 2.1
db:	SECTRACK	id:	1036634	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-004411	Trust: 0.8
db:	CNNVD	id:	CNNVD-201608-337	Trust: 0.7
db:	VULHUB	id:	VHN-90184	Trust: 0.1
db:	VULMON	id:	CVE-2016-1365	Trust: 0.1

sources: VULHUB: VHN-90184 // VULMON: CVE-2016-1365 // BID: 92507 // JVNDB: JVNDB-2016-004411 // CNNVD: CNNVD-201608-337 // NVD: CVE-2016-1365

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160817-apic	Trust: 2.2
url:	http://www.securityfocus.com/bid/92507	Trust: 1.8
url:	http://www.securitytracker.com/id/1036634	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1365	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1365	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-90184 // VULMON: CVE-2016-1365 // BID: 92507 // JVNDB: JVNDB-2016-004411 // CNNVD: CNNVD-201608-337 // NVD: CVE-2016-1365

CREDITS

Cisco

Trust: 0.9

sources: BID: 92507 // CNNVD: CNNVD-201608-337

SOURCES

db:	VULHUB	id:	VHN-90184
db:	VULMON	id:	CVE-2016-1365
db:	BID	id:	92507
db:	JVNDB	id:	JVNDB-2016-004411
db:	CNNVD	id:	CNNVD-201608-337
db:	NVD	id:	CVE-2016-1365

LAST UPDATE DATE

2025-04-12T23:36:52.425000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90184	date:	2017-08-16T00:00:00
db:	VULMON	id:	CVE-2016-1365	date:	2017-08-16T00:00:00
db:	BID	id:	92507	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004411	date:	2016-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201608-337	date:	2016-08-19T00:00:00
db:	NVD	id:	CVE-2016-1365	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90184	date:	2016-08-18T00:00:00
db:	VULMON	id:	CVE-2016-1365	date:	2016-08-18T00:00:00
db:	BID	id:	92507	date:	2016-08-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-004411	date:	2016-08-22T00:00:00
db:	CNNVD	id:	CNNVD-201608-337	date:	2016-08-18T00:00:00
db:	NVD	id:	CVE-2016-1365	date:	2016-08-18T19:59:00.147