ID

VAR-201609-0318


CVE

CVE-2016-6408


TITLE

Cisco Prime Home vulnerable to arbitrary file read

Trust: 0.8

sources: JVNDB: JVNDB-2016-004895

DESCRIPTION

Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCvb17814. Cisco Prime Home contains a vulnerability that allows arbitrary files to be read. The vendor has published this vulnerability as Bug ID CSCvb17814. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. The Cisco Prime Home solution provides a unified view of connected devices in the home, reduces home network operating costs and improves user experience, among other features. A remote attacker could exploit this vulnerability by sending a specially crafted XML file to read the file

Trust: 1.98

sources: NVD: CVE-2016-6408 // JVNDB: JVNDB-2016-004895 // BID: 93092 // VULHUB: VHN-95228

AFFECTED PRODUCTS

vendor: cisco, model: prime home, scope: eq, version: 5.2.0

Trust: 2.4

vendor: cisco, model: prime home, scope: eq, version: 0

Trust: 0.3

sources: BID: 93092 // JVNDB: JVNDB-2016-004895 // CNNVD: CNNVD-201609-505 // NVD: CVE-2016-6408

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6408
value: HIGH

Trust: 1.0

NVD: CVE-2016-6408
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201609-505
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95228
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6408
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-95228
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6408
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95228 // JVNDB: JVNDB-2016-004895 // CNNVD: CNNVD-201609-505 // NVD: CVE-2016-6408

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.1

problemtype:CWE-Other

Trust: 0.8

sources: VULHUB: VHN-95228 // JVNDB: JVNDB-2016-004895 // NVD: CVE-2016-6408

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-505

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201609-505

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004895

PATCH

title: cisco-sa-20160921-cph
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-cph

Trust: 0.8

title: Cisco Prime Home XML Fixes for external entity injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64242

Trust: 0.6

sources: JVNDB: JVNDB-2016-004895 // CNNVD: CNNVD-201609-505

EXTERNAL IDS

db: NVD, id: CVE-2016-6408

Trust: 2.8

db: BID, id: 93092

Trust: 2.0

db: JVNDB, id: JVNDB-2016-004895

Trust: 0.8

db: CNNVD, id: CNNVD-201609-505

Trust: 0.7

db: VULHUB, id: VHN-95228

Trust: 0.1

sources: VULHUB: VHN-95228 // BID: 93092 // JVNDB: JVNDB-2016-004895 // CNNVD: CNNVD-201609-505 // NVD: CVE-2016-6408

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-cph

Trust: 2.0

url:http://www.securityfocus.com/bid/93092

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6408

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6408

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-95228 // BID: 93092 // JVNDB: JVNDB-2016-004895 // CNNVD: CNNVD-201609-505 // NVD: CVE-2016-6408

CREDITS

Blindu Eusebiu.

Trust: 0.9

sources: BID: 93092 // CNNVD: CNNVD-201609-505

SOURCES

db: VULHUB, id: VHN-95228
db: BID, id: 93092
db: JVNDB, id: JVNDB-2016-004895
db: CNNVD, id: CNNVD-201609-505
db: NVD, id: CVE-2016-6408

LAST UPDATE DATE

2025-04-12T23:15:32.801000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-95228, date: 2016-11-28T00:00:00
db: BID, id: 93092, date: 2016-09-23T00:00:00
db: JVNDB, id: JVNDB-2016-004895, date: 2016-09-28T00:00:00
db: CNNVD, id: CNNVD-201609-505, date: 2016-09-26T00:00:00
db: NVD, id: CVE-2016-6408, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB, id: VHN-95228, date: 2016-09-24T00:00:00
db: BID, id: 93092, date: 2016-09-21T00:00:00
db: JVNDB, id: JVNDB-2016-004895, date: 2016-09-28T00:00:00
db: CNNVD, id: CNNVD-201609-505, date: 2016-09-22T00:00:00
db: NVD, id: CVE-2016-6408, date: 2016-09-24T01:59:00.150