Sign-up

ID

VAR-201611-0157


CVE

CVE-2016-6430


TITLE

Cisco IP Interoperability and Collaboration System Elevated privilege vulnerability in the command line interface

Trust: 0.8

sources: JVNDB: JVNDB-2016-005729

DESCRIPTION

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). Vendors have confirmed this vulnerability Bug ID CSCva38636 It is released as.Local users may be able to elevate the privileges associated with the session. A local attacker may exploit this issue to gain elevated privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCva38636. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents

Trust: 2.07

sources: NVD: CVE-2016-6430 // JVNDB: JVNDB-2016-005729 // BID: 93919 // VULHUB: VHN-95250 // VULMON: CVE-2016-6430

AFFECTED PRODUCTS

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.9\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.8\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.7\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.8\(2\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.6\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.10\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.9\(2\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.0\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.5\(1\)

Trust: 1.6

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:4.10(1)

Trust: 0.8

vendor:ciscomodel:ip interoperability and collaboration systemscope:eqversion:0

Trust: 0.3

sources: BID: 93919 // JVNDB: JVNDB-2016-005729 // CNNVD: CNNVD-201610-771 // NVD: CVE-2016-6430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-6430
value: HIGH

Trust: 1.0

NVD: CVE-2016-6430
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201610-771
value: MEDIUM

Trust: 0.6

VULHUB: VHN-95250
value: MEDIUM

Trust: 0.1

VULMON: CVE-2016-6430
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-6430
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-95250
severity: MEDIUM
baseScore: 6.6
vectorString: AV:L/AC:M/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.7
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-6430
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-95250 // VULMON: CVE-2016-6430 // JVNDB: JVNDB-2016-005729 // CNNVD: CNNVD-201610-771 // NVD: CVE-2016-6430

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-95250 // JVNDB: JVNDB-2016-005729 // NVD: CVE-2016-6430

THREAT TYPE

local

Trust: 0.9

sources: BID: 93919 // CNNVD: CNNVD-201610-771

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201610-771

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-005729

PATCH
title:cisco-sa-20161026-ipics2url:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2
Trust: 0.8
title:Cisco IP Interoperability and Collaboration System Repair measures for privilege escalationurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65124
Trust: 0.6
title:Threatposturl:https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2016-6430 // 
            
            
            
            JVNDB: JVNDB-2016-005729 // 
            
            
            
            CNNVD: CNNVD-201610-771

EXTERNAL IDS
db:NVDid:CVE-2016-6430
Trust: 2.9
db:BIDid:93919
Trust: 2.1
db:JVNDBid:JVNDB-2016-005729
Trust: 0.8
db:CNNVDid:CNNVD-201610-771
Trust: 0.7
db:VULHUBid:VHN-95250
Trust: 0.1
db:VULMONid:CVE-2016-6430
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95250 // 
            
            
            
            VULMON: CVE-2016-6430 // 
            
            
            
            BID: 93919 // 
            
            
            
            JVNDB: JVNDB-2016-005729 // 
            
            
            
            CNNVD: CNNVD-201610-771 // 
            
            
            
            NVD: CVE-2016-6430

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics2
Trust: 2.1
url:http://www.securityfocus.com/bid/93919
Trust: 1.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6430
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6430
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-95250 // 
            
            
            
            VULMON: CVE-2016-6430 // 
            
            
            
            BID: 93919 // 
            
            
            
            JVNDB: JVNDB-2016-005729 // 
            
            
            
            CNNVD: CNNVD-201610-771 // 
            
            
            
            NVD: CVE-2016-6430

CREDITS
Cisco.
Trust: 0.9
sources:
            
            
            BID: 93919 // 
            
            
            
            CNNVD: CNNVD-201610-771

SOURCES
db:VULHUBid:VHN-95250
db:VULMONid:CVE-2016-6430
db:BIDid:93919
db:JVNDBid:JVNDB-2016-005729
db:CNNVDid:CNNVD-201610-771
db:NVDid:CVE-2016-6430

LAST UPDATE DATE
2025-04-13T23:02:22+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-95250date:2016-11-28T00:00:00
db:VULMONid:CVE-2016-6430date:2016-11-28T00:00:00
db:BIDid:93919date:2016-11-24T05:04:00
db:JVNDBid:JVNDB-2016-005729date:2016-11-08T00:00:00
db:CNNVDid:CNNVD-201610-771date:2016-11-04T00:00:00
db:NVDid:CVE-2016-6430date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-95250date:2016-11-03T00:00:00
db:VULMONid:CVE-2016-6430date:2016-11-03T00:00:00
db:BIDid:93919date:2016-10-26T00:00:00
db:JVNDBid:JVNDB-2016-005729date:2016-11-08T00:00:00
db:CNNVDid:CNNVD-201610-771date:2016-10-27T00:00:00
db:NVDid:CVE-2016-6430date:2016-11-03T21:59:01.310