Details of VAR-201612-0483

ID

VAR-201612-0483

CVE

CVE-2016-9217

TITLE

Cisco Intercloud Fabric for Business and for Providers Vulnerability in connecting to the database used by this product

Trust: 0.8

sources: JVNDB: JVNDB-2016-006514

DESCRIPTION

A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3(0)ZN(0.99). An attacker can exploit this issue to gain access to the device and obtain sensitive information that may lead to further attack. This issue is being tracked by Cisco Bug ID CSCus99394. The former is a service for managing host deployments, and the latter is a virtual appliance for deploying and managing cloud providers

Trust: 1.98

sources: NVD: CVE-2016-9217 // JVNDB: JVNDB-2016-006514 // BID: 95023 // VULHUB: VHN-98037

AFFECTED PRODUCTS

vendor:	cisco	model:	intercloud fabric	scope:	eq	version:	3.1.1_base	Trust: 1.6
vendor:	cisco	model:	intercloud fabric	scope:	eq	version:	2.2.1_base	Trust: 1.6
vendor:	cisco	model:	intercloud fabric	scope:	eq	version:	2.3.1_base	Trust: 1.6
vendor:	cisco	model:	intercloud fabric	scope:	eq	version:	for business	Trust: 0.8
vendor:	cisco	model:	intercloud fabric	scope:	eq	version:	for providers	Trust: 0.8
vendor:	cisco	model:	intercloud fabric for providers	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	intercloud fabric for business	scope:	eq	version:	0	Trust: 0.3

sources: BID: 95023 // JVNDB: JVNDB-2016-006514 // CNNVD: CNNVD-201612-623 // NVD: CVE-2016-9217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9217
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-9217
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201612-623
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-98037
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9217
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-98037
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9217
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-98037 // JVNDB: JVNDB-2016-006514 // CNNVD: CNNVD-201612-623 // NVD: CVE-2016-9217

PROBLEMTYPE DATA

problemtype:

CWE-285

Trust: 1.9

sources: VULHUB: VHN-98037 // JVNDB: JVNDB-2016-006514 // NVD: CVE-2016-9217

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-623

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201612-623

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006514

PATCH

title:

cisco-sa-20161221-icf

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161221-icf

Trust: 0.8

sources: JVNDB: JVNDB-2016-006514

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9217	Trust: 2.8
db:	BID	id:	95023	Trust: 2.0
db:	JVNDB	id:	JVNDB-2016-006514	Trust: 0.8
db:	CNNVD	id:	CNNVD-201612-623	Trust: 0.7
db:	VULHUB	id:	VHN-98037	Trust: 0.1

sources: VULHUB: VHN-98037 // BID: 95023 // JVNDB: JVNDB-2016-006514 // CNNVD: CNNVD-201612-623 // NVD: CVE-2016-9217

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161221-icf	Trust: 2.0
url:	http://www.securityfocus.com/bid/95023	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9217	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9217	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-98037 // BID: 95023 // JVNDB: JVNDB-2016-006514 // CNNVD: CNNVD-201612-623 // NVD: CVE-2016-9217

CREDITS

Cisco

Trust: 0.9

sources: BID: 95023 // CNNVD: CNNVD-201612-623

SOURCES

db:	VULHUB	id:	VHN-98037
db:	BID	id:	95023
db:	JVNDB	id:	JVNDB-2016-006514
db:	CNNVD	id:	CNNVD-201612-623
db:	NVD	id:	CVE-2016-9217

LAST UPDATE DATE

2025-04-13T23:25:03.614000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-98037	date:	2016-12-29T00:00:00
db:	BID	id:	95023	date:	2017-01-12T00:04:00
db:	JVNDB	id:	JVNDB-2016-006514	date:	2017-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201612-623	date:	2016-12-27T00:00:00
db:	NVD	id:	CVE-2016-9217	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-98037	date:	2016-12-26T00:00:00
db:	BID	id:	95023	date:	2016-12-21T00:00:00
db:	JVNDB	id:	JVNDB-2016-006514	date:	2017-01-06T00:00:00
db:	CNNVD	id:	CNNVD-201612-623	date:	2016-12-22T00:00:00
db:	NVD	id:	CVE-2016-9217	date:	2016-12-26T08:59:00.143