CVE-2016-1427
Vulnerability from cvelistv5
Published
2016-06-18 01:00
Modified
2024-08-05 22:55
Severity ?
Summary
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnrVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1036128
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnrVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036128
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036128",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036128"
          },
          {
            "name": "20160616 Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036128",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036128"
        },
        {
          "name": "20160616 Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036128",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036128"
            },
            {
              "name": "20160616 Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1427",
    "datePublished": "2016-06-18T01:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA415878-1D93-45C0-BB2B-28F10577C0A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66F9819C-FDC7-4A9E-A033-3759CE1CBB7E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6226486C-2DA7-4C57-9101-BF8D833B63C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC435D7B-C0F3-4CF3-9ACD-D27DD97798B6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6BAF22-ACAC-4F2C-BE51-88ABE49E1D06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF60F93F-49E8-4E90-8AAC-A72F0734EA19\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A71440BA-4558-44A7-9ABB-11CB19DD560F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B08D4801-44C6-41D8-A610-8BACD7944121\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E60599-839A-460F-B8DE-E6F22C8ECF6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:prime_network_registrar:8.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7BCB950B-9A49-4395-98E8-E0A5F425CDAE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.\"}, {\"lang\": \"es\", \"value\": \"La interfaz de mensajer\\u00eda principal System Configuration Protocol (SCP) en Cisco Prime Network Registrar 8.2 en versiones anteriores a 8.2.3.1 y 8.3 en versiones anteriores a 8.3.2 permite a atacantes remotos obtener informaci\\u00f3n sensible a trav\\u00e9s de mensajes SCP manipulados, tambi\\u00e9n conocido como Bug ID CSCuv35694.\"}]",
      "id": "CVE-2016-1427",
      "lastModified": "2024-11-21T02:46:25.443",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-06-18T01:59:00.183",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1036128\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1036128\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1427\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2016-06-18T01:59:00.183\",\"lastModified\":\"2024-11-21T02:46:25.443\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.\"},{\"lang\":\"es\",\"value\":\"La interfaz de mensajer\u00eda principal System Configuration Protocol (SCP) en Cisco Prime Network Registrar 8.2 en versiones anteriores a 8.2.3.1 y 8.3 en versiones anteriores a 8.3.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de mensajes SCP manipulados, tambi\u00e9n conocido como Bug ID CSCuv35694.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA415878-1D93-45C0-BB2B-28F10577C0A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66F9819C-FDC7-4A9E-A033-3759CE1CBB7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6226486C-2DA7-4C57-9101-BF8D833B63C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC435D7B-C0F3-4CF3-9ACD-D27DD97798B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6BAF22-ACAC-4F2C-BE51-88ABE49E1D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF60F93F-49E8-4E90-8AAC-A72F0734EA19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A71440BA-4558-44A7-9ABB-11CB19DD560F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B08D4801-44C6-41D8-A610-8BACD7944121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E60599-839A-460F-B8DE-E6F22C8ECF6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:prime_network_registrar:8.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BCB950B-9A49-4395-98E8-E0A5F425CDAE\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1036128\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1036128\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.