cvelistv5 - cve-2016-1307

CVE-2016-1307 (GCVE-0-2016-1307)

Vulnerability from cvelistv5 – Published: 2016-02-07 11:00 – Updated: 2024-08-05 22:55

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1034921	vdb-entryx_refsource_SECTRACK
	http://www.securitytracker.com/id/1034920	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:12.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
          },
          {
            "name": "1034921",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034921"
          },
          {
            "name": "1034920",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034920"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-02-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-02T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
        },
        {
          "name": "1034921",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034921"
        },
        {
          "name": "1034920",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034920"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1307",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
            },
            {
              "name": "1034921",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034921"
            },
            {
              "name": "1034920",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034920"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1307",
    "datePublished": "2016-02-07T11:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:12.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aazi.0\\\\)c0\", \"matchCriteriaId\": \"21D9999F-C55E-4BAB-A401-007FB34B2A5E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*\", \"matchCriteriaId\": \"83223AC7-22F3-4FCA-B11B-B769086DCF04\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.50\\\\(aazi.0\\\\)c0\", \"matchCriteriaId\": \"21D9999F-C55E-4BAB-A401-007FB34B2A5E\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.\"}, {\"lang\": \"es\", \"value\": \"El servidor Openfire en Cisco Finesse Desktop 10.5(1) y 11.0(1) y Unified Contact Center Express 10.6(1) tiene una cuenta embebida, lo que hace m\\u00e1s f\\u00e1cil para atacantes remotos obtener acceso a trav\\u00e9s de una sesi\\u00f3n XMPP, tambi\\u00e9n conocido como Bug ID CSCuw79085.\"}]",
      "id": "CVE-2016-1307",
      "lastModified": "2024-11-21T02:46:09.473",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:N\", \"baseScore\": 5.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false}]}",
      "published": "2016-02-07T11:59:03.880",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034920\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1034921\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1034920\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1034921\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}, {\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-1307\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-02-07T11:59:03.880\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.\"},{\"lang\":\"es\",\"value\":\"El servidor Openfire en Cisco Finesse Desktop 10.5(1) y 11.0(1) y Unified Contact Center Express 10.6(1) tiene una cuenta embebida, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n XMPP, tambi\u00e9n conocido como Bug ID CSCuw79085.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:N\",\"baseScore\":5.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"},{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aazi.0\\\\)c0\",\"matchCriteriaId\":\"21D9999F-C55E-4BAB-A401-007FB34B2A5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"83223AC7-22F3-4FCA-B11B-B769086DCF04\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.50\\\\(aazi.0\\\\)c0\",\"matchCriteriaId\":\"21D9999F-C55E-4BAB-A401-007FB34B2A5E\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034920\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1034921\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1034920\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1034921\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2016-1307

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1307

Aliases

CVE-2016-1307

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1307",
    "description": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.",
    "id": "GSD-2016-1307"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1307"
      ],
      "details": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.",
      "id": "GSD-2016-1307",
      "modified": "2023-12-13T01:21:24.403341Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1307",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
          },
          {
            "name": "1034921",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034921"
          },
          {
            "name": "1034920",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1034920"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\\\\\(1\\\\\\)_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:11.0\\\\\\(1\\\\\\)_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\\\(1\\\\\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1307"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                },
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160202 Cisco Finesse Desktop and Cisco Unified Contact Center Express Applications XMPP Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
            },
            {
              "name": "1034921",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034921"
            },
            {
              "name": "1034920",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1034920"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM"
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.5
        }
      },
      "lastModifiedDate": "2016-12-06T03:06Z",
      "publishedDate": "2016-02-07T11:59Z"
    }
  }
}

VAR-201602-0048

Vulnerability from variot - Updated: 2023-12-18 14:05

The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. Vendors have confirmed this vulnerability Bug ID CSCuw79085 It is released as.By a third party XMPP Access may be gained through a session. Attackers can exploit this issue to gain unauthorized access to the affected application. This may allow an attacker to obtain and modify sensitive information. This issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201602-0048",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "keymouse",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "zzinc",
        "version": "3.08"
      },
      {
        "model": "gs1900-10hp",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "zyxel",
        "version": "2.50\\(aazi.0\\)c0"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "10.5(1)"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "11.0(1)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "10.6(1)"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "10.5\\\\\\(1\\\\\\)_base"
      },
      {
        "model": "finesse",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "11.0\\\\\\(1\\\\\\)_base"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "10.6\\\\\\(1\\\\\\)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\\\\\(1\\\\\\)_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:finesse:11.0\\\\\\(1\\\\\\)_base:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\\\\\(1\\\\\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco.",
    "sources": [
      {
        "db": "BID",
        "id": "82400"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-1307",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2016-1307",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-90126",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1307",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201602-143",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90126",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. Vendors have confirmed this vulnerability Bug ID CSCuw79085 It is released as.By a third party XMPP Access may be gained through a session. \nAttackers can exploit this issue to gain unauthorized access to the  affected application. This may allow an attacker to obtain and modify  sensitive information. \nThis issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "BID",
        "id": "82400"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1307",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1034921",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1034920",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "82400",
        "trust": 0.3
      },
      {
        "db": "VULHUB",
        "id": "VHN-90126",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "db": "BID",
        "id": "82400"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "id": "VAR-201602-0048",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:05:58.632000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160202-fducce",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-fducce"
      },
      {
        "title": "Cisco Finesse Desktop  and Unified Contact Center Express Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=60091"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-fducce"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034920"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034921"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1307"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1307"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "db": "BID",
        "id": "82400"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "db": "BID",
        "id": "82400"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-02-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "date": "2016-02-02T00:00:00",
        "db": "BID",
        "id": "82400"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "date": "2016-02-07T11:59:03.880000",
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "date": "2016-02-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90126"
      },
      {
        "date": "2016-07-05T21:21:00",
        "db": "BID",
        "id": "82400"
      },
      {
        "date": "2016-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      },
      {
        "date": "2016-12-06T03:06:39.747000",
        "db": "NVD",
        "id": "CVE-2016-1307"
      },
      {
        "date": "2016-02-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Finesse Desktop and  Unified Contact Center Express of  Openfire Vulnerability to gain access rights on the server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-001493"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201602-143"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2016-1307

Vulnerability from fkie_nvd - Published: 2016-02-07 11:59 - Updated: 2025-04-12 10:46

Severity ?

5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1034920
psirt@cisco.com	http://www.securitytracker.com/id/1034921
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034920
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1034921

Impacted products

Vendor	Product	Version
zyxel	gs1900-10hp_firmware	*
zzinc	keymouse_firmware	3.08
zyxel	gs1900-10hp_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
              "versionEndExcluding": "2.50\\(aazi.0\\)c0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:zzinc:keymouse_firmware:3.08:*:*:*:*:windows:*:*",
              "matchCriteriaId": "83223AC7-22F3-4FCA-B11B-B769086DCF04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:gs1900-10hp_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21D9999F-C55E-4BAB-A401-007FB34B2A5E",
              "versionEndExcluding": "2.50\\(aazi.0\\)c0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085."
    },
    {
      "lang": "es",
      "value": "El servidor Openfire en Cisco Finesse Desktop 10.5(1) y 11.0(1) y Unified Contact Center Express 10.6(1) tiene una cuenta embebida, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener acceso a trav\u00e9s de una sesi\u00f3n XMPP, tambi\u00e9n conocido como Bug ID CSCuw79085."
    }
  ],
  "id": "CVE-2016-1307",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-02-07T11:59:03.880",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034920"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1034921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034920"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034921"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        },
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-047

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Application Policy Infrastructure Controllers versions antérieures à 1.0(3h) et 1.1(1j)
Cisco	N/A	Cisco Nexus 9000 Series ACI Mode Switches versions antérieures à 1.0(3h) et 1.1(1j)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 10.5(2.13900.9)
Cisco	Unity Connection	Cisco Unity Connection version 11.5(0.199)
Cisco	N/A	Cisco Unified Contact Center Express version 10.6(1)
Cisco	N/A	Cisco Finesse Desktop versions 10.5(1) et 11.0(1)
Cisco	Jabber	Cisco Jabber Guest Server version 10.6(8)
Cisco	N/A	Cisco Nexus 9000 Series ACI Mode Switches versions antérieures à 11.0(1c)
Cisco	N/A	Cisco ASA-CX Content-Aware Security et Cisco PRSM versions antérieures à 9.3.1.1(112)
Cisco	N/A	Cisco WebEx Meetings Server version 2.5.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160202-wms du 02 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160202-fducce du 02 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-jgs du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-uc du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-apic du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-prsm du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-ucm du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-n9knci du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-prsm du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160202-wms du 02 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-ucm du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-n9knci du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-apic du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-jgs du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160202-fducce du 02 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-uc du 03 février 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Application Policy Infrastructure Controllers versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 10.5(2.13900.9)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection version 11.5(0.199)",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express version 10.6(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse Desktop versions 10.5(1) et 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Jabber Guest Server version 10.6(8)",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 11.0(1c)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA-CX Content-Aware Security et Cisco PRSM versions ant\u00e9rieures \u00e0 9.3.1.1(112)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings Server version 2.5.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1302"
    },
    {
      "name": "CVE-2016-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1308"
    },
    {
      "name": "CVE-2016-1307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1307"
    },
    {
      "name": "CVE-2016-1301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1301"
    },
    {
      "name": "CVE-2016-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1311"
    },
    {
      "name": "CVE-2016-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1309"
    },
    {
      "name": "CVE-2015-6398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6398"
    },
    {
      "name": "CVE-2016-1310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1310"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc"
    }
  ],
  "reference": "CERTFR-2016-AVI-047",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-047

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco Application Policy Infrastructure Controllers versions antérieures à 1.0(3h) et 1.1(1j)
Cisco	N/A	Cisco Nexus 9000 Series ACI Mode Switches versions antérieures à 1.0(3h) et 1.1(1j)
Cisco	Unified Communications Manager	Cisco Unified Communications Manager version 10.5(2.13900.9)
Cisco	Unity Connection	Cisco Unity Connection version 11.5(0.199)
Cisco	N/A	Cisco Unified Contact Center Express version 10.6(1)
Cisco	N/A	Cisco Finesse Desktop versions 10.5(1) et 11.0(1)
Cisco	Jabber	Cisco Jabber Guest Server version 10.6(8)
Cisco	N/A	Cisco Nexus 9000 Series ACI Mode Switches versions antérieures à 11.0(1c)
Cisco	N/A	Cisco ASA-CX Content-Aware Security et Cisco PRSM versions antérieures à 9.3.1.1(112)
Cisco	N/A	Cisco WebEx Meetings Server version 2.5.1.5

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160202-wms du 02 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160202-fducce du 02 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-jgs du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-uc du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-apic du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-prsm du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-ucm du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-n9knci du 03 février 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160203-prsm du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160202-wms du 02 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-ucm du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-n9knci du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-apic du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-jgs du 03 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160202-fducce du 02 février 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160203-uc du 03 février 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Application Policy Infrastructure Controllers versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 1.0(3h) et 1.1(1j)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager version 10.5(2.13900.9)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unity Connection version 11.5(0.199)",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Contact Center Express version 10.6(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse Desktop versions 10.5(1) et 11.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Jabber Guest Server version 10.6(8)",
      "product": {
        "name": "Jabber",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Nexus 9000 Series ACI Mode Switches versions ant\u00e9rieures \u00e0 11.0(1c)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA-CX Content-Aware Security et Cisco PRSM versions ant\u00e9rieures \u00e0 9.3.1.1(112)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WebEx Meetings Server version 2.5.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1302"
    },
    {
      "name": "CVE-2016-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1308"
    },
    {
      "name": "CVE-2016-1307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1307"
    },
    {
      "name": "CVE-2016-1301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1301"
    },
    {
      "name": "CVE-2016-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1311"
    },
    {
      "name": "CVE-2016-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1309"
    },
    {
      "name": "CVE-2015-6398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6398"
    },
    {
      "name": "CVE-2016-1310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1310"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-wms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-ucm"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-jgs"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03    f\u00e9vrier 2016",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-uc"
    }
  ],
  "reference": "CERTFR-2016-AVI-047",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-02-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-wms du 02 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160202-fducce du 02 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-jgs du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-uc du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-apic du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-prsm du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-ucm du 03 f\u00e9vrier 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160203-n9knci du 03 f\u00e9vrier 2016",
      "url": null
    }
  ]
}

GHSA-FVF3-V835-PWVX

Vulnerability from github – Published: 2022-05-17 03:29 – Updated: 2022-05-17 03:29

Details

Severity ?

5.4 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1307"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-02-07T11:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085.",
  "id": "GHSA-fvf3-v835-pwvx",
  "modified": "2022-05-17T03:29:29Z",
  "published": "2022-05-17T03:29:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1307"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034920"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1034921"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-01452

Vulnerability from cnvd - Published: 2016-03-04

Title

Cisco Finesse Desktop和Unified Contact Center Express权限获取漏洞

Description

Cisco Finesse Desktop和Unified Contact Center Express（Unified CCX）都是美国思科（Cisco）公司的产品。Cisco Finesse Desktop是一套用于客户协作解决方案中的下一代代理和桌面管理的软件；Unified CCX是一款统一通信解决方案中的客户关系管理组件。 Cisco Finesse Desktop和Unified CCX中的Openfire服务器中存在安全漏洞,远程攻击者可借助Openfire会话，利用该漏洞获取访问权限。

Severity

中

Patch Name

Cisco Finesse Desktop和Unified Contact Center Express权限获取漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1307

Impacted products

Name
['Cisco Unified Contact Center Express 10.6(1)', 'Cisco Finesse Desktop 10.5(1)', 'Cisco Finesse Desktop 11.0(1)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1307"
    }
  },
  "description": "Cisco Finesse Desktop\u548cUnified Contact Center Express\uff08Unified CCX\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Finesse Desktop\u662f\u4e00\u5957\u7528\u4e8e\u5ba2\u6237\u534f\u4f5c\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u4e0b\u4e00\u4ee3\u4ee3\u7406\u548c\u684c\u9762\u7ba1\u7406\u7684\u8f6f\u4ef6\uff1bUnified CCX\u662f\u4e00\u6b3e\u7edf\u4e00\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nCisco Finesse Desktop\u548cUnified CCX\u4e2d\u7684Openfire\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e,\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9Openfire\u4f1a\u8bdd\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-01452",
  "openTime": "2016-03-04",
  "patchDescription": "Cisco Finesse Desktop\u548cUnified Contact Center Express\uff08Unified CCX\uff09\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Finesse Desktop\u662f\u4e00\u5957\u7528\u4e8e\u5ba2\u6237\u534f\u4f5c\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u4e0b\u4e00\u4ee3\u4ee3\u7406\u548c\u684c\u9762\u7ba1\u7406\u7684\u8f6f\u4ef6\uff1bUnified CCX\u662f\u4e00\u6b3e\u7edf\u4e00\u901a\u4fe1\u89e3\u51b3\u65b9\u6848\u4e2d\u7684\u5ba2\u6237\u5173\u7cfb\u7ba1\u7406\u7ec4\u4ef6\u3002\r\n\r\nCisco Finesse Desktop\u548cUnified CCX\u4e2d\u7684Openfire\u670d\u52a1\u5668\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e,\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9Openfire\u4f1a\u8bdd\uff0c\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Finesse Desktop\u548cUnified Contact Center Express\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unified Contact Center Express 10.6(1)",
      "Cisco Finesse Desktop 10.5(1)",
      "Cisco Finesse Desktop 11.0(1)"
    ]
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1307",
  "serverity": "\u4e2d",
  "submitTime": "2016-03-03",
  "title": "Cisco Finesse Desktop\u548cUnified Contact Center Express\u6743\u9650\u83b7\u53d6\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1307 (GCVE-0-2016-1307)

GSD-2016-1307

VAR-201602-0048

FKIE_CVE-2016-1307

CERTFR-2016-AVI-047

Solution

CERTFR-2016-AVI-047

Solution

GHSA-FVF3-V835-PWVX

CNVD-2016-01452

Tags

Sightings

Nomenclature