Sign-up

ID

VAR-201610-0266


CVE

CVE-2016-6397


TITLE

Cisco IPICS of UMS In the device-to-device communication interface UMS Vulnerability to change configuration parameters

Trust: 0.8

sources: JVNDB: JVNDB-2016-005653

DESCRIPTION

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). Vendors have confirmed this vulnerability Bug ID CSCva46644 It is released as.By a third party UMS The setting parameters of the system may be changed and the system may become unusable. Cisco IP Interoperability and Collaboration System is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCva46644. Cisco IP Interoperability and Collaboration System 4.8(1) through 4.10(1) are vulnerable. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents. An authentication bypass vulnerability exists in Cisco IPICS Versions 4.8(1) through 4.10(1) of Universal Media Services

Trust: 2.07

sources: NVD: CVE-2016-6397 // JVNDB: JVNDB-2016-005653 // BID: 93913 // VULHUB: VHN-95217 // VULMON: CVE-2016-6397

AFFECTED PRODUCTS

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.9\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.8\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.9\(2\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.10\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.8\(2\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.8(1) to 4.10(1)

Trust: 0.8

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.8(1)

Trust: 0.3

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.10(1)

Trust: 0.3

sources: BID: 93913 // JVNDB: JVNDB-2016-005653 // CNNVD: CNNVD-201610-769 // NVD: CVE-2016-6397

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6397
value: CRITICAL

Trust: 1.0

NVD: CVE-2016-6397
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201610-769
value: CRITICAL

Trust: 0.6

VULHUB: VHN-95217
value: HIGH

Trust: 0.1

VULMON: CVE-2016-6397
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-6397
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95217
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6397
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95217 // VULMON: CVE-2016-6397 // JVNDB: JVNDB-2016-005653 // CNNVD: CNNVD-201610-769 // NVD: CVE-2016-6397

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-95217 // JVNDB: JVNDB-2016-005653 // NVD: CVE-2016-6397

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-769

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201610-769

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005653

PATCH
title:cisco-sa-20161026-ipicsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics
Trust: 0.8
title:Cisco IP Interoperability and Collaboration System Fixes for authentication bypassing vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65122
Trust: 0.6
title:Threatposturl:https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-6397 // 
            
            
            
            JVNDB: JVNDB-2016-005653 // 
            
            
            
            CNNVD: CNNVD-201610-769

EXTERNAL IDS
db:NVDid:CVE-2016-6397
Trust: 2.9
db:BIDid:93913
Trust: 2.1
db:JVNDBid:JVNDB-2016-005653
Trust: 0.8
db:CNNVDid:CNNVD-201610-769
Trust: 0.7
db:VULHUBid:VHN-95217
Trust: 0.1
db:VULMONid:CVE-2016-6397
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95217 // 
            
            
            
            VULMON: CVE-2016-6397 // 
            
            
            
            BID: 93913 // 
            
            
            
            JVNDB: JVNDB-2016-005653 // 
            
            
            
            CNNVD: CNNVD-201610-769 // 
            
            
            
            NVD: CVE-2016-6397

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics
Trust: 2.1
url:http://www.securityfocus.com/bid/93913
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6397
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6397
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95217 // 
            
            
            
            VULMON: CVE-2016-6397 // 
            
            
            
            BID: 93913 // 
            
            
            
            JVNDB: JVNDB-2016-005653 // 
            
            
            
            CNNVD: CNNVD-201610-769 // 
            
            
            
            NVD: CVE-2016-6397

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 93913 // 
            
            
            
            CNNVD: CNNVD-201610-769

SOURCES
db:VULHUBid:VHN-95217
db:VULMONid:CVE-2016-6397
db:BIDid:93913
db:JVNDBid:JVNDB-2016-005653
db:CNNVDid:CNNVD-201610-769
db:NVDid:CVE-2016-6397

LAST UPDATE DATE
2025-04-13T23:25:07.850000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95217date:2016-11-28T00:00:00
db:VULMONid:CVE-2016-6397date:2016-11-28T00:00:00
db:BIDid:93913date:2016-11-24T01:04:00
db:JVNDBid:JVNDB-2016-005653date:2016-11-01T00:00:00
db:CNNVDid:CNNVD-201610-769date:2016-10-27T00:00:00
db:NVDid:CVE-2016-6397date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-95217date:2016-10-28T00:00:00
db:VULMONid:CVE-2016-6397date:2016-10-28T00:00:00
db:BIDid:93913date:2016-10-26T00:00:00
db:JVNDBid:JVNDB-2016-005653date:2016-11-01T00:00:00
db:CNNVDid:CNNVD-201610-769date:2016-10-27T00:00:00
db:NVDid:CVE-2016-6397date:2016-10-28T10:59:12.433