Details of VAR-201611-0163

ID

VAR-201611-0163

CVE

CVE-2016-6452

TITLE

Cisco Prime Home of Web Base of GUI Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2016-005734

DESCRIPTION

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). Vendors have confirmed this vulnerability Bug ID CSCvb71732 It is released as.Authentication may be bypassed by a third party. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvb71732. The solution provides visibility into a unified view of connected devices in the home, reduces home network operating costs and improves user experience, among other features. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to gain full administrator privileges

Trust: 2.07

sources: NVD: CVE-2016-6452 // JVNDB: JVNDB-2016-005734 // BID: 94070 // VULHUB: VHN-95272 // VULMON: CVE-2016-6452

AFFECTED PRODUCTS

vendor:	cisco	model:	prime home	scope:	eq	version:	5.1_base	Trust: 1.6
vendor:	cisco	model:	prime home	scope:	eq	version:	5.0_base	Trust: 1.6
vendor:	cisco	model:	prime home	scope:	eq	version:	5.2.0	Trust: 1.6
vendor:	cisco	model:	prime home	scope:	lt	version:	5.2	Trust: 0.8
vendor:	cisco	model:	prime home	scope:	lt	version:	5.0	Trust: 0.8
vendor:	cisco	model:	prime home	scope:	lt	version:	5.1.2	Trust: 0.8
vendor:	cisco	model:	prime home	scope:	eq	version:	5.1.1.7	Trust: 0.8
vendor:	cisco	model:	prime home	scope:	eq	version:	5.2.2.3	Trust: 0.8
vendor:	cisco	model:	prime home	scope:	eq	version:	5.2.2.2	Trust: 0.3
vendor:	cisco	model:	prime home	scope:	eq	version:	5.2.2.0	Trust: 0.3
vendor:	cisco	model:	prime home	scope:	eq	version:	5.1.1.6	Trust: 0.3
vendor:	cisco	model:	prime home	scope:	eq	version:	5.1.1.0	Trust: 0.3
vendor:	cisco	model:	prime home	scope:	ne	version:	5.2.2.3	Trust: 0.3
vendor:	cisco	model:	prime home	scope:	ne	version:	5.1.1.7	Trust: 0.3

sources: BID: 94070 // JVNDB: JVNDB-2016-005734 // CNNVD: CNNVD-201611-003 // NVD: CVE-2016-6452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6452
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-6452
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201611-003
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-95272
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-6452
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-6452
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-95272
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6452
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95272 // VULMON: CVE-2016-6452 // JVNDB: JVNDB-2016-005734 // CNNVD: CNNVD-201611-003 // NVD: CVE-2016-6452

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-95272 // JVNDB: JVNDB-2016-005734 // NVD: CVE-2016-6452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-003

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201611-003

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005734

PATCH

title:	cisco-sa-20161102-cph	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-cph	Trust: 0.8
title:	Cisco Prime Home Fixes for authentication bypassing vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65233	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/cisco-patches-authentication-bypass-in-cisco-prime-home/123551/	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/	Trust: 0.1

sources: VULMON: CVE-2016-6452 // JVNDB: JVNDB-2016-005734 // CNNVD: CNNVD-201611-003

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6452	Trust: 2.9
db:	BID	id:	94070	Trust: 1.5
db:	JVNDB	id:	JVNDB-2016-005734	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-003	Trust: 0.7
db:	VULHUB	id:	VHN-95272	Trust: 0.1
db:	VULMON	id:	CVE-2016-6452	Trust: 0.1

sources: VULHUB: VHN-95272 // VULMON: CVE-2016-6452 // BID: 94070 // JVNDB: JVNDB-2016-005734 // CNNVD: CNNVD-201611-003 // NVD: CVE-2016-6452

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cph	Trust: 2.1
url:	http://www.securityfocus.com/bid/94070	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6452	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6452	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-patches-authentication-bypass-in-cisco-prime-home/123551/	Trust: 0.1

sources: VULHUB: VHN-95272 // VULMON: CVE-2016-6452 // BID: 94070 // JVNDB: JVNDB-2016-005734 // CNNVD: CNNVD-201611-003 // NVD: CVE-2016-6452

CREDITS

Cisco

Trust: 0.3

sources: BID: 94070

SOURCES

db:	VULHUB	id:	VHN-95272
db:	VULMON	id:	CVE-2016-6452
db:	BID	id:	94070
db:	JVNDB	id:	JVNDB-2016-005734
db:	CNNVD	id:	CNNVD-201611-003
db:	NVD	id:	CVE-2016-6452

LAST UPDATE DATE

2025-04-13T23:23:34.359000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95272	date:	2016-11-28T00:00:00
db:	VULMON	id:	CVE-2016-6452	date:	2016-11-28T00:00:00
db:	BID	id:	94070	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-005734	date:	2016-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201611-003	date:	2016-11-04T00:00:00
db:	NVD	id:	CVE-2016-6452	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95272	date:	2016-11-03T00:00:00
db:	VULMON	id:	CVE-2016-6452	date:	2016-11-03T00:00:00
db:	BID	id:	94070	date:	2016-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2016-005734	date:	2016-11-08T00:00:00
db:	CNNVD	id:	CNNVD-201611-003	date:	2016-11-04T00:00:00
db:	NVD	id:	CVE-2016-6452	date:	2016-11-03T21:59:07.873