Details of VAR-201611-0168

ID

VAR-201611-0168

CVE

CVE-2016-6459

TITLE

Cisco TelePresence TC Or CE The software runs TelePresence Local shell command injection vulnerability in endpoint

Trust: 0.8

sources: JVNDB: JVNDB-2016-005910

DESCRIPTION

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. Vendors have confirmed this vulnerability Bug ID CSCvb25010 It is released as.A local attacker could insert local shell commands. Cisco TelePresence Endpoints is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCvb25010

Trust: 2.07

sources: NVD: CVE-2016-6459 // JVNDB: JVNDB-2016-005910 // BID: 94075 // VULHUB: VHN-95279 // VULMON: CVE-2016-6459

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.1.0	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.1.1	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.1.2	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.1.3	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.1.4	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.0	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.1	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.3	Trust: 2.4
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	7.3.2	Trust: 1.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	8.1.0	Trust: 1.6
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	8.0.0	Trust: 1.6
vendor:	cisco	model:	telepresence ce software	scope:	eq	version:	8.0.0	Trust: 0.8
vendor:	cisco	model:	telepresence ce software	scope:	eq	version:	8.1.0	Trust: 0.8
vendor:	cisco	model:	telepresence tc software	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	telepresence ce software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 94075 // JVNDB: JVNDB-2016-005910 // CNNVD: CNNVD-201611-022 // NVD: CVE-2016-6459

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-6459
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-6459
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201611-022
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-95279
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2016-6459
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-6459
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-95279
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-6459
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-95279 // VULMON: CVE-2016-6459 // JVNDB: JVNDB-2016-005910 // CNNVD: CNNVD-201611-022 // NVD: CVE-2016-6459

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.9

sources: VULHUB: VHN-95279 // JVNDB: JVNDB-2016-005910 // NVD: CVE-2016-6459

THREAT TYPE

local

Trust: 0.9

sources: BID: 94075 // CNNVD: CNNVD-201611-022

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201611-022

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005910

PATCH

title:	cisco-sa-20161102-tp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp	Trust: 0.8
title:	Cisco TelePresence Endpoint Fixes for local command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65299	Trust: 0.6
title:	Cisco TelePresence Endpoint Fixes for local command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65448	Trust: 0.6
title:	Symantec Security Advisories: SA147 : March 2017 NTP Security Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories&qid=7d6a7035af520037b0eb5fc69b3c488f	Trust: 0.1
title:	Threatpost	url:	https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/	Trust: 0.1

sources: VULMON: CVE-2016-6459 // JVNDB: JVNDB-2016-005910 // CNNVD: CNNVD-201611-022

EXTERNAL IDS

db:	NVD	id:	CVE-2016-6459	Trust: 2.9
db:	BID	id:	94075	Trust: 2.1
db:	SECTRACK	id:	1037187	Trust: 1.2
db:	JVNDB	id:	JVNDB-2016-005910	Trust: 0.8
db:	CNNVD	id:	CNNVD-201611-022	Trust: 0.6
db:	VULHUB	id:	VHN-95279	Trust: 0.1
db:	VULMON	id:	CVE-2016-6459	Trust: 0.1

sources: VULHUB: VHN-95279 // VULMON: CVE-2016-6459 // BID: 94075 // JVNDB: JVNDB-2016-005910 // CNNVD: CNNVD-201611-022 // NVD: CVE-2016-6459

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-tp	Trust: 2.1
url:	http://www.securityfocus.com/bid/94075	Trust: 1.8
url:	http://www.securitytracker.com/id/1037187	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6459	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6459	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/78.html	Trust: 0.1
url:	https://www.rapid7.com/db/vulnerabilities/cisco-telepresence-cve-2016-6459	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/	Trust: 0.1
url:	https://support.symantec.com/en_us/article.symsa1403.html	Trust: 0.1

sources: VULHUB: VHN-95279 // VULMON: CVE-2016-6459 // BID: 94075 // JVNDB: JVNDB-2016-005910 // CNNVD: CNNVD-201611-022 // NVD: CVE-2016-6459

CREDITS

Cisco

Trust: 0.9

sources: BID: 94075 // CNNVD: CNNVD-201611-022

SOURCES

db:	VULHUB	id:	VHN-95279
db:	VULMON	id:	CVE-2016-6459
db:	BID	id:	94075
db:	JVNDB	id:	JVNDB-2016-005910
db:	CNNVD	id:	CNNVD-201611-022
db:	NVD	id:	CVE-2016-6459

LAST UPDATE DATE

2025-04-13T23:41:16.546000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-95279	date:	2017-07-29T00:00:00
db:	VULMON	id:	CVE-2016-6459	date:	2017-07-29T00:00:00
db:	BID	id:	94075	date:	2016-11-24T01:07:00
db:	JVNDB	id:	JVNDB-2016-005910	date:	2016-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201611-022	date:	2016-11-07T00:00:00
db:	NVD	id:	CVE-2016-6459	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-95279	date:	2016-11-19T00:00:00
db:	VULMON	id:	CVE-2016-6459	date:	2016-11-19T00:00:00
db:	BID	id:	94075	date:	2016-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2016-005910	date:	2016-11-24T00:00:00
db:	CNNVD	id:	CNNVD-201611-022	date:	2016-11-07T00:00:00
db:	NVD	id:	CVE-2016-6459	date:	2016-11-19T03:03:02.507