cvelistv5 - CVE-2016-6426

CVE-2016-6426

Vulnerability from cvelistv5

Published

2016-10-05 21:00

Modified

2024-08-06 01:29

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/93420
ykramarz@cisco.com	http://www.securitytracker.com/id/1036952
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93420
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036952

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
          },
          {
            "name": "1036952",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036952"
          },
          {
            "name": "93420",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93420"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-29T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
        },
        {
          "name": "1036952",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036952"
        },
        {
          "name": "93420",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93420"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6426",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
            },
            {
              "name": "1036952",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036952"
            },
            {
              "name": "93420",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93420"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6426",
    "datePublished": "2016-10-05T21:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B43D9C6E-7541-4667-A723-3CE27DB008B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C277058-F33F-4E60-AE89-658CB6558D9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6F83A65-F3AC-4F6B-97A3-9FC582683BCB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7CDF110-17D3-4A1A-ADA2-4D158E172293\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D7F0FEF-BD6B-487D-9ABA-6643499DBC30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_intelligence_center:9.0\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76043C98-3664-45B4-A108-88A7E5228037\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:unified_intelligence_center:9.1\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33A6383F-C719-4624-9FF4-BDDDCAA066B6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versi\\u00f3n 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versi\\u00f3n 11.0(1), permite a atacantes remotos crear cuentas de usuario visitando una p\\u00e1gina web no especificada, vulnerabilidad tambi\\u00e9n conocida como IDs CSCuy75027 y CSCuy81653.\"}]",
      "id": "CVE-2016-6426",
      "lastModified": "2024-11-21T02:56:06.463",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-10-05T21:59:00.180",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93420\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1036952\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93420\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1036952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6426\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2016-10-05T21:59:00.180\",\"lastModified\":\"2024-11-21T02:56:06.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versi\u00f3n 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versi\u00f3n 11.0(1), permite a atacantes remotos crear cuentas de usuario visitando una p\u00e1gina web no especificada, vulnerabilidad tambi\u00e9n conocida como IDs CSCuy75027 y CSCuy81653.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43D9C6E-7541-4667-A723-3CE27DB008B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C277058-F33F-4E60-AE89-658CB6558D9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6F83A65-F3AC-4F6B-97A3-9FC582683BCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_contact_center_express:11.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7CDF110-17D3-4A1A-ADA2-4D158E172293\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D7F0FEF-BD6B-487D-9ABA-6643499DBC30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:9.0\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76043C98-3664-45B4-A108-88A7E5228037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:unified_intelligence_center:9.1\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33A6383F-C719-4624-9FF4-BDDDCAA066B6\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93420\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1036952\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1036952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-rc67-hjj5-jc2r

Vulnerability from github

Published

2022-05-17 02:21

Modified

2022-05-17 02:21

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6426"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-10-05T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.",
  "id": "GHSA-rc67-hjj5-jc2r",
  "modified": "2022-05-17T02:21:48Z",
  "published": "2022-05-17T02:21:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6426"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93420"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1036952"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2016-6426

Vulnerability from fkie_nvd

Published

2016-10-05 21:59

Modified

2024-11-21 02:56

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

References

URL	Tags
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/93420
ykramarz@cisco.com	http://www.securitytracker.com/id/1036952
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93420
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036952

Impacted products

Vendor	Product	Version
cisco	unified_contact_center_express	10.0\(1\)
cisco	unified_contact_center_express	10.5\(1\)
cisco	unified_contact_center_express	10.6\(1\)
cisco	unified_contact_center_express	11.0\(1\)
cisco	unified_intelligence_center	8.5.4
cisco	unified_intelligence_center	9.0\(2\)
cisco	unified_intelligence_center	9.1\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B43D9C6E-7541-4667-A723-3CE27DB008B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1C277058-F33F-4E60-AE89-658CB6558D9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D6F83A65-F3AC-4F6B-97A3-9FC582683BCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CDF110-17D3-4A1A-ADA2-4D158E172293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D7F0FEF-BD6B-487D-9ABA-6643499DBC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "76043C98-3664-45B4-A108-88A7E5228037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "33A6383F-C719-4624-9FF4-BDDDCAA066B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n j_spring_security_switch_user en Cisco Unified Intelligence Center (CUIC) 8.5.4 hasta la versi\u00f3n 9.1(1), tal como se utiliza en Unified Contact Center Express 10.0(1) hasta la versi\u00f3n 11.0(1), permite a atacantes remotos crear cuentas de usuario visitando una p\u00e1gina web no especificada, vulnerabilidad tambi\u00e9n conocida como IDs CSCuy75027 y CSCuy81653."
    }
  ],
  "id": "CVE-2016-6426",
  "lastModified": "2024-11-21T02:56:06.463",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-10-05T21:59:00.180",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/93420"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1036952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036952"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. Vendors have confirmed this vulnerability Bug ID CSCuy75027 ,and CSCuy81653 It is released as.Unspecified by a third party Web By accessing the page, a user account may be created. Successful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCuy75027 and CSCuy81653. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a set of web-based reporting platform. A remote attacker could exploit this vulnerability by visiting a page to create user accounts

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0277",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0\\(2\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.1\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.6\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5.4"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "10.0(1) to  11.0(1)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.5.4 to  9.1(1)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93420"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6426",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6426",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-95246",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6426",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6426",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-081",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95246",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. Vendors have confirmed this vulnerability Bug ID CSCuy75027 ,and CSCuy81653 It is released as.Unspecified by a third party Web By accessing the page, a user account may be created. \nSuccessful exploits may allow  an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug IDs CSCuy75027 and CSCuy81653. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a set of web-based reporting platform. A remote attacker could exploit this vulnerability by visiting a page to create user accounts",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6426",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1036952",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "93420",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95246",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "id": "VAR-201610-0277",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:37:41.813000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161005-ucis2",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis2"
      },
      {
        "title": "Cisco Unified Intelligence Center Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64509"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93420"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036952"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6426"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6426"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1036952"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "BID",
        "id": "93420"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "date": "2016-10-05T21:59:00.180000",
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "date": "2016-10-10T00:05:00",
        "db": "BID",
        "id": "93420"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "date": "2017-07-30T01:29:13.130000",
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Contact Center Express Used in  Unified Intelligence Center Vulnerable to user account creation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ],
    "trust": 0.6
  }
}

gsd-2016-6426

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-6426

Aliases

CVE-2016-6426

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6426",
    "description": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.",
    "id": "GSD-2016-6426"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6426"
      ],
      "details": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653.",
      "id": "GSD-2016-6426",
      "modified": "2023-12-13T01:21:23.141204Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6426",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
          },
          {
            "name": "1036952",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036952"
          },
          {
            "name": "93420",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93420"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6426"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20161005 Cisco Unified Intelligence Center (CUIC) Software Unauthenticated User Account Creation Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis2"
            },
            {
              "name": "93420",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93420"
            },
            {
              "name": "1036952",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1036952"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-30T01:29Z",
      "publishedDate": "2016-10-05T21:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-6426

Vulnerability from cvelistv5

ghsa-rc67-hjj5-jc2r

Vulnerability from github

CVE-2016-6426

Vulnerability from fkie_nvd

var-201610-0277

Vulnerability from variot

gsd-2016-6426

Vulnerability from gsd

Tags

Sightings

Nomenclature