Details of VAR-201609-0358

ID

VAR-201609-0358

CVE

CVE-2016-6373

TITLE

Cisco Cloud Services Platform 2100 of Web Base of GUI In root Any at authority OS Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004892

DESCRIPTION

The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote authenticated administrators to execute arbitrary OS commands as root via crafted platform commands, aka Bug ID CSCva00541. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in context of the affected application. This issue is being tracked by Cisco bug ID CSCva00541. Cisco Cloud Services Platform 2100 version 2.0 is vulnerable. web-based GUI is one of the web-based graphical user interface components

Trust: 1.98

sources: NVD: CVE-2016-6373 // JVNDB: JVNDB-2016-004892 // BID: 93093 // VULHUB: VHN-95193

AFFECTED PRODUCTS

vendor:	cisco	model:	cloud services platform 2100	scope:	eq	version:	2.0.0_base	Trust: 1.6
vendor:	cisco	model:	cloud services platform 2100	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cisco	model:	cloud services platform	scope:	eq	version:	21002.0	Trust: 0.3
vendor:	cisco	model:	cloud services platform	scope:	ne	version:	21002.1	Trust: 0.3

sources: BID: 93093 // JVNDB: JVNDB-2016-004892 // CNNVD: CNNVD-201609-503 // NVD: CVE-2016-6373

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6373
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-6373
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201609-503
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-95193
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6373
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-95193
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6373
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95193 // JVNDB: JVNDB-2016-004892 // CNNVD: CNNVD-201609-503 // NVD: CVE-2016-6373

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-95193 // JVNDB: JVNDB-2016-004892 // NVD: CVE-2016-6373

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201609-503

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201609-503

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004892

PATCH

title:	cisco-sa-20160921-csp2100-1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160921-csp2100-1	Trust: 0.8
title:	Cisco Cloud Services Platform Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64240	Trust: 0.6

sources: JVNDB: JVNDB-2016-004892 // CNNVD: CNNVD-201609-503

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6373	Trust: 2.8
db:	BID	id:	93093	Trust: 2.0
db:	SECTRACK	id:	1036865	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-004892	Trust: 0.8
db:	CNNVD	id:	CNNVD-201609-503	Trust: 0.7
db:	VULHUB	id:	VHN-95193	Trust: 0.1

sources: VULHUB: VHN-95193 // BID: 93093 // JVNDB: JVNDB-2016-004892 // CNNVD: CNNVD-201609-503 // NVD: CVE-2016-6373

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160921-csp2100-1	Trust: 2.0
url:	http://www.securityfocus.com/bid/93093	Trust: 1.7
url:	http://www.securitytracker.com/id/1036865	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6373	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6373	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-95193 // BID: 93093 // JVNDB: JVNDB-2016-004892 // CNNVD: CNNVD-201609-503 // NVD: CVE-2016-6373

CREDITS

Cisco

Trust: 0.9

sources: BID: 93093 // CNNVD: CNNVD-201609-503

SOURCES

db:	VULHUB	id:	VHN-95193
db:	BID	id:	93093
db:	JVNDB	id:	JVNDB-2016-004892
db:	CNNVD	id:	CNNVD-201609-503
db:	NVD	id:	CVE-2016-6373

LAST UPDATE DATE

2025-04-13T23:25:08.785000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95193	date:	2017-07-30T00:00:00
db:	BID	id:	93093	date:	2016-09-23T00:00:00
db:	JVNDB	id:	JVNDB-2016-004892	date:	2016-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201609-503	date:	2016-09-23T00:00:00
db:	NVD	id:	CVE-2016-6373	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95193	date:	2016-09-22T00:00:00
db:	BID	id:	93093	date:	2016-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-004892	date:	2016-09-28T00:00:00
db:	CNNVD	id:	CNNVD-201609-503	date:	2016-09-22T00:00:00
db:	NVD	id:	CVE-2016-6373	date:	2016-09-22T22:59:19.867