cvelistv5 - CVE-2016-1316

CVE-2016-1316 (GCVE-0-2016-1316)

Vulnerability from cvelistv5 – Published: 2016-02-09 02:00 – Updated: 2024-08-05 22:55

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www.securitytracker.com/id/1034956	vdb-entryx_refsource_SECTRACK
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:13.954Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034956",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034956"
          },
          {
            "name": "20160208 Cisco Video Communications Server Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1034956",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034956"
        },
        {
          "name": "20160208 Cisco Video Communications Server Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1316",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034956",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034956"
            },
            {
              "name": "20160208 Cisco Video Communications Server Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1316",
    "datePublished": "2016-02-09T02:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:13.954Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF51F825-6446-4EB5-8406-5B2ADB282719\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9FAD1E4-037C-4877-9DA0-7ADDE2933C0B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B585675C-D7B4-4873-9DBC-068219059F5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3031A9F1-C65E-4E34-99CF-EE6CF7811389\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0563B17-D80D-470C-AA0E-6A40F3F07DA5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99B407C6-41C4-48C5-955B-69727ACE769D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83373EA3-B4F0-47C3-9C1D-11182A504C2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C645F71B-D8E6-4F2E-9F22-DCFC2B14DDD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABE4C06E-5916-44D1-B991-049C44FA45F8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DCFB790-3DFC-47CD-AECB-4F510C2E64EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10EB18CC-C3DD-40D8-A8CC-5410C3176DD5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2BC73D75-DE33-4B17-8251-E0D44460B7D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"022B090E-51FB-4C00-A8FE-AB73ED632CDB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.\"}, {\"lang\": \"es\", \"value\": \"Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\\u00f3n X8.7, tal como se utiliza en conjunci\\u00f3n con Jabber Guest, permite a atacantes remotos obtener informaci\\u00f3n de estad\\u00edsticas de llamada sensible a trav\\u00e9s de una petici\\u00f3n directa a una URL no especificada, tambi\\u00e9n conocido como Bug ID CSCux73362.\"}]",
      "id": "CVE-2016-1316",
      "lastModified": "2024-11-21T02:46:10.463",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
      "published": "2016-02-09T03:59:00.117",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034956\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034956\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1316\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-02-09T03:59:00.117\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.\"},{\"lang\":\"es\",\"value\":\"Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\u00f3n X8.7, tal como se utiliza en conjunci\u00f3n con Jabber Guest, permite a atacantes remotos obtener informaci\u00f3n de estad\u00edsticas de llamada sensible a trav\u00e9s de una petici\u00f3n directa a una URL no especificada, tambi\u00e9n conocido como Bug ID CSCux73362.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF51F825-6446-4EB5-8406-5B2ADB282719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9FAD1E4-037C-4877-9DA0-7ADDE2933C0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B585675C-D7B4-4873-9DBC-068219059F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3031A9F1-C65E-4E34-99CF-EE6CF7811389\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0563B17-D80D-470C-AA0E-6A40F3F07DA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99B407C6-41C4-48C5-955B-69727ACE769D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83373EA3-B4F0-47C3-9C1D-11182A504C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C645F71B-D8E6-4F2E-9F22-DCFC2B14DDD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABE4C06E-5916-44D1-B991-049C44FA45F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DCFB790-3DFC-47CD-AECB-4F510C2E64EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10EB18CC-C3DD-40D8-A8CC-5410C3176DD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC73D75-DE33-4B17-8251-E0D44460B7D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"022B090E-51FB-4C00-A8FE-AB73ED632CDB\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034956\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034956\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-X6F7-8VRQ-6M6V

Vulnerability from github – Published: 2022-05-17 03:29 – Updated: 2022-05-17 03:29

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-09T03:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.",
  "id": "GHSA-x6f7-8vrq-6m6v",
  "modified": "2022-05-17T03:29:28Z",
  "published": "2022-05-17T03:29:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1316"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034956"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-1316

Vulnerability from fkie_nvd - Published: 2016-02-09 03:59 - Updated: 2025-04-12 10:46

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1034956
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034956

Impacted products

Vendor	Product	Version
cisco	telepresence_video_communication_server_software	x8.1.1
cisco	telepresence_video_communication_server_software	x8.1.2
cisco	telepresence_video_communication_server_software	x8.1_base
cisco	telepresence_video_communication_server_software	x8.2.1
cisco	telepresence_video_communication_server_software	x8.2.2
cisco	telepresence_video_communication_server_software	x8.2_base
cisco	telepresence_video_communication_server_software	x8.5.0
cisco	telepresence_video_communication_server_software	x8.5.1
cisco	telepresence_video_communication_server_software	x8.5.2
cisco	telepresence_video_communication_server_software	x8.5.3
cisco	telepresence_video_communication_server_software	x8.6.0
cisco	telepresence_video_communication_server_software	x8.6.1
cisco	telepresence_video_communication_server_software	x8.7_base

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF51F825-6446-4EB5-8406-5B2ADB282719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9FAD1E4-037C-4877-9DA0-7ADDE2933C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "B585675C-D7B4-4873-9DBC-068219059F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3031A9F1-C65E-4E34-99CF-EE6CF7811389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0563B17-D80D-470C-AA0E-6A40F3F07DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B407C6-41C4-48C5-955B-69727ACE769D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83373EA3-B4F0-47C3-9C1D-11182A504C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C645F71B-D8E6-4F2E-9F22-DCFC2B14DDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABE4C06E-5916-44D1-B991-049C44FA45F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DCFB790-3DFC-47CD-AECB-4F510C2E64EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10EB18CC-C3DD-40D8-A8CC-5410C3176DD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC73D75-DE33-4B17-8251-E0D44460B7D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "022B090E-51FB-4C00-A8FE-AB73ED632CDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362."
    },
    {
      "lang": "es",
      "value": "Cisco TelePresence Video Communication Server (VCS) X8.1 hasta la versi\u00f3n X8.7, tal como se utiliza en conjunci\u00f3n con Jabber Guest, permite a atacantes remotos obtener informaci\u00f3n de estad\u00edsticas de llamada sensible a trav\u00e9s de una petici\u00f3n directa a una URL no especificada, tambi\u00e9n conocido como Bug ID CSCux73362."
    }
  ],
  "id": "CVE-2016-1316",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-09T03:59:00.117",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034956"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2016-01063

Vulnerability from cnvd - Published: 2016-02-17

Title

Cisco TelePresence Video Communication Server信息泄露漏洞

Description

Cisco TelePresence Video Communication Server是美国思科（Cisco）公司的网真视频通信服务器，它能够与统一通信和语音通信环境集成，从而为使用各种通信工具的最终用户提供最佳体验。 Cisco TelePresence Video Communication Server存在信息泄露漏洞，允许远程攻击者通过直接请求未指定的URL获得敏感的呼叫统计数据信息。

Severity

中

Patch Name

Cisco TelePresence Video Communication Server信息泄露漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs

Impacted products

Name
Cisco TelePresence Video Communication Server (VCS) x8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1316"
    }
  },
  "description": "Cisco TelePresence Video Communication Server\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\uff0c\u5b83\u80fd\u591f\u4e0e\u7edf\u4e00\u901a\u4fe1\u548c\u8bed\u97f3\u901a\u4fe1\u73af\u5883\u96c6\u6210\uff0c\u4ece\u800c\u4e3a\u4f7f\u7528\u5404\u79cd\u901a\u4fe1\u5de5\u5177\u7684\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u6700\u4f73\u4f53\u9a8c\u3002\r\n\r\nCisco TelePresence Video Communication Server\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u76f4\u63a5\u8bf7\u6c42\u672a\u6307\u5b9a\u7684URL\u83b7\u5f97\u654f\u611f\u7684\u547c\u53eb\u7edf\u8ba1\u6570\u636e\u4fe1\u606f\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01063",
  "openTime": "2016-02-17",
  "patchDescription": "Cisco TelePresence Video Communication Server\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u7f51\u771f\u89c6\u9891\u901a\u4fe1\u670d\u52a1\u5668\uff0c\u5b83\u80fd\u591f\u4e0e\u7edf\u4e00\u901a\u4fe1\u548c\u8bed\u97f3\u901a\u4fe1\u73af\u5883\u96c6\u6210\uff0c\u4ece\u800c\u4e3a\u4f7f\u7528\u5404\u79cd\u901a\u4fe1\u5de5\u5177\u7684\u6700\u7ec8\u7528\u6237\u63d0\u4f9b\u6700\u4f73\u4f53\u9a8c\u3002\r\n\r\nCisco TelePresence Video Communication Server\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u76f4\u63a5\u8bf7\u6c42\u672a\u6307\u5b9a\u7684URL\u83b7\u5f97\u654f\u611f\u7684\u547c\u53eb\u7edf\u8ba1\u6570\u636e\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco TelePresence Video Communication Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco TelePresence Video Communication Server (VCS) x8"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-11",
  "title": "Cisco TelePresence Video Communication Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

VAR-201602-0054

Vulnerability from variot - Updated: 2023-12-18 12:20

Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. Vendors have confirmed this vulnerability Bug ID CSCux73362 It is released as.Unspecified by a third party URL You may get important call statistics via a direct request to. Cisco TelePresenceVideo Communication Server is a telepresence video communication server from Cisco, Inc. that integrates with unified communications and voice communications environments to provide the best experience for end users using a variety of communication tools. An attacker can exploit this issue to obtain sensitive information. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCux73362

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0054",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.2_base"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.1_base"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.5.0"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.5.2"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.7_base"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.5.1"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.1.2"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.2.1"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.2.2"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "x8.1.1"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.6.0"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.5.3"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "x8.6.1"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "x8.1 to  x8.7"
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "x8"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "82948"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1316",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-1316",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-01063",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-90135",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1316",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-01063",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-169",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90135",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362. Vendors have confirmed this vulnerability Bug ID CSCux73362 It is released as.Unspecified by a third party URL You may get important call statistics via a direct request to. Cisco TelePresenceVideo Communication Server is a telepresence video communication server from Cisco, Inc. that integrates with unified communications and voice communications environments to provide the best experience for end users using a variety of communication tools. \nAn attacker can exploit this issue to obtain sensitive information. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCux73362",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "BID",
        "id": "82948"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1316",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1034956",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "82948",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "db": "BID",
        "id": "82948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "id": "VAR-201602-0054",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      }
    ],
    "trust": 0.06999999999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:20:37.353000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160208-vcs",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-vcs"
      },
      {
        "title": "Patch for CiscoTelePresenceVideoCommunicationServer Information Disclosure Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/71446"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-vcs"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034956"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1316"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1316"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "db": "BID",
        "id": "82948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "db": "BID",
        "id": "82948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "date": "2016-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "date": "2016-02-08T00:00:00",
        "db": "BID",
        "id": "82948"
      },
      {
        "date": "2016-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "date": "2016-02-09T03:59:00.117000",
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-01063"
      },
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90135"
      },
      {
        "date": "2016-07-06T12:17:00",
        "db": "BID",
        "id": "82948"
      },
      {
        "date": "2016-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      },
      {
        "date": "2016-12-06T03:06:46.480000",
        "db": "NVD",
        "id": "CVE-2016-1316"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Jabber Guest Used in conjunction with  TelePresence Video Communication Server Vulnerable to obtaining important call statistics information",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001454"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-169"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2016-AVI-051

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 11.5(0.98000.480)
Cisco	Jabber	Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu'utilisé dans le cadre d'un déploiement Jabber Guest
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28)
Cisco	N/A	Cisco APIC-EM version 1.1
Cisco	N/A	Cisco Unified Contact Center Express version 11.0(1)
Cisco	Unity Connection	Cisco Unity Connection version 10.5(2)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager IM & Presence Service version 10.5(2)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-201600208-ucm du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-vcs du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-apic du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-ucm du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-apic du 09 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-201600208-ucm du 09 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160208-ucm du 09 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160208-vcs du 09 février 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager version 11.5(0.98000.480)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu\u0027utilis\u00e9 dans le cadre d\u0027un d\u00e9ploiement Jabber Guest",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express version 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection version 10.5(2)",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service version 10.5(2)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1316"
    },
    {
      "name": "CVE-2016-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1319"
    },
    {
      "name": "CVE-2016-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1318"
    },
    {
      "name": "CVE-2016-1317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1317"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
    }
  ],
  "reference": "CERTFR-2016-AVI-051",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-051

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 11.5(0.98000.480)
Cisco	Jabber	Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu'utilisé dans le cadre d'un déploiement Jabber Guest
Cisco	Unified Communications Manager	Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28)
Cisco	N/A	Cisco APIC-EM version 1.1
Cisco	N/A	Cisco Unified Contact Center Express version 11.0(1)
Cisco	Unity Connection	Cisco Unity Connection version 10.5(2)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager IM & Presence Service version 10.5(2)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-201600208-ucm du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-vcs du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-apic du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-ucm du 09 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160208-apic du 09 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-201600208-ucm du 09 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160208-ucm du 09 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160208-vcs du 09 février 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified Communications Manager version 11.5(0.98000.480)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence Video Communication Server (VCS) version X8 lorsqu\u0027utilis\u00e9 dans le cadre d\u0027un d\u00e9ploiement Jabber Guest",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager (CallManager) versions 10.5(2.12901.1), 10.5(2.10000.5), 11.0(1.10000.10), et 9.1(2.10000.28)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express version 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection version 10.5(2)",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service version 10.5(2)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1316"
    },
    {
      "name": "CVE-2016-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1319"
    },
    {
      "name": "CVE-2016-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1318"
    },
    {
      "name": "CVE-2016-1317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1317"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09    f\u00e9vrier 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
    }
  ],
  "reference": "CERTFR-2016-AVI-051",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-201600208-ucm du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-vcs du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-apic du 09 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160208-ucm du 09 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

GSD-2016-1316

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1316

Aliases

CVE-2016-1316

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1316",
    "description": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.",
    "id": "GSD-2016-1316"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1316"
      ],
      "details": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362.",
      "id": "GSD-2016-1316",
      "modified": "2023-12-13T01:21:24.741315Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1316",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1034956",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034956"
          },
          {
            "name": "20160208 Cisco Video Communications Server Information Disclosure Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.7_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.1_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_video_communication_server_software:x8.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1316"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160208 Cisco Video Communications Server Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-vcs"
            },
            {
              "name": "1034956",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034956"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2016-12-06T03:06Z",
      "publishedDate": "2016-02-09T03:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1316 (GCVE-0-2016-1316)

GHSA-X6F7-8VRQ-6M6V

FKIE_CVE-2016-1316

CNVD-2016-01063

VAR-201602-0054

CERTFR-2016-AVI-051

Solution

CERTFR-2016-AVI-051

Solution

GSD-2016-1316

Tags

Sightings

Nomenclature