CVE-2016-1421 (GCVE-0-2016-1421)
Vulnerability from cvelistv5 – Published: 2016-06-10 01:00 – Updated: 2024-08-05 22:55

| URL | Tags |
|---|---|
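| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco IP Phones | Affected: 11.7(1) |

Note: the sources aggregated on this page do not agree on the affected range. The CNA record lists 11.7(1) as affected, CERTFR-2020-AVI-227 (which covers several CVEs) lists Cisco IP Phone versions prior to 11.7(1) among its affected systems, and the NVD configuration names only 8800 Series firmware 11.0(1). The NVD CVSS vectors (C:N/I:N/A:H) score availability impact only, although the description states code execution with root privileges. Confirm the fixed release for a given model against the vendor advisory rather than relying on a single field.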
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2020-24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.7(1)"
}
]
}
],
"datePublic": "2016-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-16T16:27:48",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2020-24"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IP Phones",
"version": {
"version_data": [
{
"version_value": "11.7(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-24",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-24"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1421",
"datePublished": "2016-06-10T01:00:00",
"dateReserved": "2016-01-04T00:00:00",
"dateUpdated": "2024-08-05T22:55:14.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F0554B7-0160-4885-B366-ED2C15E7EAF7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"49CF653C-B5F5-427B-9FE9-D34D7B92AA13\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la aplicaci\\u00f3n web para los tel\\u00e9fonos IP de Cisco podr\\u00eda permitir que un atacante remoto no autenticado ejecute c\\u00f3digo con privilegios de root o provoque una recarga de un tel\\u00e9fono IP afectado, resultando en una condici\\u00f3n de denegaci\\u00f3n de servicio (DoS). La vulnerabilidad existe porque el software afectado no puede verificar los l\\u00edmites de los datos de entrada. Un atacante podr\\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP especialmente dise\\u00f1ada al servidor web de un dispositivo objetivo. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante ejecutar c\\u00f3digo de forma remota con privilegios de root o causar una recarga de un tel\\u00e9fono IP afectado, lo que provocar\\u00eda una condici\\u00f3n DoS.\"}]",
"id": "CVE-2016-1421",
"lastModified": "2024-11-21T02:46:24.870",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2016-06-10T01:59:06.037",
"references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://www.tenable.com/security/research/tra-2020-24\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/research/tra-2020-24\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2016-1421\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-06-10T01:59:06.037\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la aplicaci\u00f3n web para los tel\u00e9fonos IP de Cisco podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo con privilegios de root o provoque una recarga de un tel\u00e9fono IP afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad existe porque el software afectado no puede verificar los l\u00edmites de los datos de entrada. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP especialmente dise\u00f1ada al servidor web de un dispositivo objetivo. 
Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de forma remota con privilegios de root o causar una recarga de un tel\u00e9fono IP afectado, lo que provocar\u00eda una condici\u00f3n DoS.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F0554B7-0160-4885-B366-ED2C15E7EAF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteri
aId\":\"49CF653C-B5F5-427B-9FE9-D34D7B92AA13\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://www.tenable.com/security/research/tra-2020-24\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/research/tra-2020-24\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2020-AVI-227
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions antérieures à 11.7(1) | ||
| Cisco | N/A | Cisco Aironet Access Points versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Webex Meetings Online versions antérieures à 1.3.48 | ||
| Cisco | N/A | Cisco UCM et SME versions antérieures à 10.5(2)SU9 | ||
| Cisco | N/A | Cisco WLC versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco Aironet Access Points versions 8.6.x et 8.7.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco IoT Field Network Director versions antérieures à 4.6 | ||
| Cisco | N/A | Webex Meetings 39.5.x Sites versions antérieures à 39.5.18 | ||
| Cisco | N/A | Unified IP Conference Phone 8831 versions antérieures à 10.3(1)SR6 | ||
| Cisco | N/A | Cisco UCS Director versions antérieures à 6.7.4.0 | ||
| Cisco | N/A | Cisco Aironet Access Points versions 8.9.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Cisco UCM et SME versions 12.x antérieures à 12.5(1)SU2 | ||
| Cisco | N/A | Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco UCS Director Express for Big Data versions antérieures à 3.7.4.0 | ||
| Cisco | N/A | Webex Meetings Latest Sites versions antérieures à 40.2 | ||
| Cisco | N/A | Cisco Mobility Express versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Cisco UCM et SME versions 11.x antérieures à 11.5(1)SU7 | ||
| Cisco | N/A | Cisco Mobility Express versions 8.9.x et 9.10.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Webex Meetings Server versions antérieures à 4.0MR2SecurityPatch3 | ||
| Cisco | IP Phone | Cisco Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5)SR3 | ||
| Cisco | N/A | Cisco WLC versions 8.9.x et 8.10.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Cisco WLC versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Cisco Aironet Access Points Embedded Wireless Controller versions antérieures à 16.11.1b | ||
| Cisco | IP Phone | Cisco IP Phone 7811, 7821, 7841 et 7861 versions antérieures à 11.7(1) |
| Title | Publication Time | Tags |
|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions ant\u00e9rieures \u00e0 11.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Online versions ant\u00e9rieures \u00e0 1.3.48",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions ant\u00e9rieures \u00e0 10.5(2)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions 8.6.x et 8.7.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IoT Field Network Director versions ant\u00e9rieures \u00e0 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings 39.5.x Sites versions ant\u00e9rieures \u00e0 39.5.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 versions ant\u00e9rieures \u00e0 10.3(1)SR6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Director versions ant\u00e9rieures \u00e0 6.7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions 8.9.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions 12.x ant\u00e9rieures \u00e0 12.5(1)SU2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Director Express for Big Data versions ant\u00e9rieures \u00e0 3.7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Latest Sites versions ant\u00e9rieures \u00e0 40.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions 11.x ant\u00e9rieures \u00e0 11.5(1)SU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions 8.9.x et 9.10.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Server versions ant\u00e9rieures \u00e0 4.0MR2SecurityPatch3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)SR3",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.9.x et 8.10.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points Embedded Wireless Controller versions ant\u00e9rieures \u00e0 16.11.1b",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 7811, 7821, 7841 et 7861 versions ant\u00e9rieures \u00e0 11.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3273"
},
{
"name": "CVE-2020-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3251"
},
{
"name": "CVE-2020-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3161"
},
{
"name": "CVE-2020-3162",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3162"
},
{
"name": "CVE-2020-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3247"
},
{
"name": "CVE-2020-3249",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3249"
},
{
"name": "CVE-2020-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3262"
},
{
"name": "CVE-2020-3240",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3240"
},
{
"name": "CVE-2016-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1421"
},
{
"name": "CVE-2020-3194",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3194"
},
{
"name": "CVE-2020-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3261"
},
{
"name": "CVE-2020-3243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3243"
},
{
"name": "CVE-2020-3250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3250"
},
{
"name": "CVE-2020-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3239"
},
{
"name": "CVE-2020-3260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3260"
},
{
"name": "CVE-2020-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3177"
},
{
"name": "CVE-2020-3252",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3252"
},
{
"name": "CVE-2020-3248",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3248"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-capwap-dos-Y2sD9uEw du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucsd-mult-vulns-UNfpdW4E du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-player-Q7Rtgvby du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-mob-exp-csrf-b8tFec24 du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-taps-path-trav-pfsFO93r du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-airo-wpa-dos-5ZLs6ESz du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-dos-5ZLs6ESz"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-voip-phones-rce-dos-rB6EeRXs du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iot-coap-dos-WTBu6YTq du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-gas-dos-8FsE3AWH du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-gas-dos-8FsE3AWH"
}
]
}
CERTFR-2016-AVI-209
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Aironet 1850e Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 3800 Series Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 1830e Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) Software versions antérieures à 1.3(2f) | ||
| Cisco | N/A | Cisco RV110W Wireless-N VPN Firewall versions antérieures à 1.2.1.7 | ||
| Cisco | N/A | Cisco Aironet 1850i Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 1830i Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | IP Phone | Téléphones Cisco IP Phone 8800 Series version 11.0(1) | ||
| Cisco | N/A | Cisco RV130W Wireless-N Multifunction VPN Router versions antérieures à 1.0.3.16 | ||
| Cisco | N/A | Cisco RV215W Wireless-N VPN Router versions antérieures à 1.3.0.8 | ||
| Cisco | N/A | Plateformes Cisco Access Point exécutant le logiciel version 8.2(102.43) | ||
| Cisco | N/A | Cisco Aironet 2800 Series Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Aironet 1850e Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 3800 Series Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1830e Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC) Software versions ant\u00e9rieures \u00e0 1.3(2f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV110W Wireless-N VPN Firewall versions ant\u00e9rieures \u00e0 1.2.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1850i Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1830i Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "T\u00e9l\u00e9phones Cisco IP Phone 8800 Series version 11.0(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV130W Wireless-N Multifunction VPN Router versions ant\u00e9rieures \u00e0 1.0.3.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV215W Wireless-N VPN Router versions ant\u00e9rieures \u00e0 1.3.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Plateformes Cisco Access Point ex\u00e9cutant le logiciel version 8.2(102.43)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 2800 Series Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4956",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4956"
},
{
"name": "CVE-2016-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
},
{
"name": "CVE-2016-1403",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1403"
},
{
"name": "CVE-2016-1397",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1397"
},
{
"name": "CVE-2016-4957",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4957"
},
{
"name": "CVE-2016-4955",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4955"
},
{
"name": "CVE-2016-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1420"
},
{
"name": "CVE-2016-1395",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1395"
},
{
"name": "CVE-2016-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
},
{
"name": "CVE-2016-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1421"
},
{
"name": "CVE-2016-1396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1396"
},
{
"name": "CVE-2016-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1418"
},
{
"name": "CVE-2016-1419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1419"
},
{
"name": "CVE-2016-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1398"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ntpd du 03 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ipp du 03 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160606-aap du 06 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-apic du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv3 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv1 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160608-aironet du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv2 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
}
],
"reference": "CERTFR-2016-AVI-209",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-06-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv2 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv1 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-apic du 09 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160606-aap du 06 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 09 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv3 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ipp du 03 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ntpd du 03 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160608-aironet du 09 juin 2016",
"url": null
}
]
}
CERTFR-2016-AVI-209
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco Aironet 1850e Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 3800 Series Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 1830e Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Application Policy Infrastructure Controller (APIC) Software versions antérieures à 1.3(2f) | ||
| Cisco | N/A | Cisco RV110W Wireless-N VPN Firewall versions antérieures à 1.2.1.7 | ||
| Cisco | N/A | Cisco Aironet 1850i Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | N/A | Cisco Aironet 1830i Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) | ||
| Cisco | IP Phone | Téléphones Cisco IP Phone 8800 Series version 11.0(1) | ||
| Cisco | N/A | Cisco RV130W Wireless-N Multifunction VPN Router versions antérieures à 1.0.3.16 | ||
| Cisco | N/A | Cisco RV215W Wireless-N VPN Router versions antérieures à 1.3.0.8 | ||
| Cisco | N/A | Plateformes Cisco Access Point exécutant le logiciel version 8.2(102.43) | ||
| Cisco | N/A | Cisco Aironet 2800 Series Access Point exécutant le logiciel Cisco Aironet Access Point versions antérieures à 8.2(110.0) |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco Aironet 1850e Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 3800 Series Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1830e Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Application Policy Infrastructure Controller (APIC) Software versions ant\u00e9rieures \u00e0 1.3(2f)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV110W Wireless-N VPN Firewall versions ant\u00e9rieures \u00e0 1.2.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1850i Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 1830i Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "T\u00e9l\u00e9phones Cisco IP Phone 8800 Series version 11.0(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV130W Wireless-N Multifunction VPN Router versions ant\u00e9rieures \u00e0 1.0.3.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco RV215W Wireless-N VPN Router versions ant\u00e9rieures \u00e0 1.3.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Plateformes Cisco Access Point ex\u00e9cutant le logiciel version 8.2(102.43)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet 2800 Series Access Point ex\u00e9cutant le logiciel Cisco Aironet Access Point versions ant\u00e9rieures \u00e0 8.2(110.0)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-4956",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4956"
},
{
"name": "CVE-2016-4953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4953"
},
{
"name": "CVE-2016-1403",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1403"
},
{
"name": "CVE-2016-1397",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1397"
},
{
"name": "CVE-2016-4957",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4957"
},
{
"name": "CVE-2016-4955",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4955"
},
{
"name": "CVE-2016-1420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1420"
},
{
"name": "CVE-2016-1395",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1395"
},
{
"name": "CVE-2016-4954",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4954"
},
{
"name": "CVE-2016-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1421"
},
{
"name": "CVE-2016-1396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1396"
},
{
"name": "CVE-2016-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1418"
},
{
"name": "CVE-2016-1419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1419"
},
{
"name": "CVE-2016-1398",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1398"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ntpd du 03 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ntpd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ipp du 03 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160606-aap du 06 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160606-aap"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-apic du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv3 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv3"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv1 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160608-aironet du 09 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160608-aironet"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv2 du 15 juin 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160615-rv2"
}
],
"reference": "CERTFR-2016-AVI-209",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-06-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv2 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv1 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-apic du 09 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160606-aap du 06 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 09 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160615-rv3 du 15 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ipp du 03 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160603-ntpd du 03 juin 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160608-aironet du 09 juin 2016",
"url": null
}
]
}
CERTFR-2020-AVI-227
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | IP Phone | Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions antérieures à 11.7(1) | ||
| Cisco | N/A | Cisco Aironet Access Points versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Webex Meetings Online versions antérieures à 1.3.48 | ||
| Cisco | N/A | Cisco UCM et SME versions antérieures à 10.5(2)SU9 | ||
| Cisco | N/A | Cisco WLC versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco Aironet Access Points versions 8.6.x et 8.7.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco IoT Field Network Director versions antérieures à 4.6 | ||
| Cisco | N/A | Webex Meetings 39.5.x Sites versions antérieures à 39.5.18 | ||
| Cisco | N/A | Unified IP Conference Phone 8831 versions antérieures à 10.3(1)SR6 | ||
| Cisco | N/A | Cisco UCS Director versions antérieures à 6.7.4.0 | ||
| Cisco | N/A | Cisco Aironet Access Points versions 8.9.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Cisco UCM et SME versions 12.x antérieures à 12.5(1)SU2 | ||
| Cisco | N/A | Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0 | ||
| Cisco | N/A | Cisco UCS Director Express for Big Data versions antérieures à 3.7.4.0 | ||
| Cisco | N/A | Webex Meetings Latest Sites versions antérieures à 40.2 | ||
| Cisco | N/A | Cisco Mobility Express versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Cisco UCM et SME versions 11.x antérieures à 11.5(1)SU7 | ||
| Cisco | N/A | Cisco Mobility Express versions 8.9.x et 9.10.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Webex Meetings Server versions antérieures à 4.0MR2SecurityPatch3 | ||
| Cisco | IP Phone | Cisco Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5)SR3 | ||
| Cisco | N/A | Cisco WLC versions 8.9.x et 8.10.x antérieures à 8.10.121.0 | ||
| Cisco | N/A | Cisco WLC versions antérieures à 8.5.161.0 | ||
| Cisco | N/A | Cisco Aironet Access Points Embedded Wireless Controller versions antérieures à 16.11.1b | ||
| Cisco | IP Phone | Cisco IP Phone 7811, 7821, 7841 et 7861 versions antérieures à 11.7(1) |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions ant\u00e9rieures \u00e0 11.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Online versions ant\u00e9rieures \u00e0 1.3.48",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions ant\u00e9rieures \u00e0 10.5(2)SU9",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions 8.6.x et 8.7.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IoT Field Network Director versions ant\u00e9rieures \u00e0 4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings 39.5.x Sites versions ant\u00e9rieures \u00e0 39.5.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Unified IP Conference Phone 8831 versions ant\u00e9rieures \u00e0 10.3(1)SR6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Director versions ant\u00e9rieures \u00e0 6.7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points versions 8.9.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions 12.x ant\u00e9rieures \u00e0 12.5(1)SU2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x ant\u00e9rieures \u00e0 8.8.130.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCS Director Express for Big Data versions ant\u00e9rieures \u00e0 3.7.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Latest Sites versions ant\u00e9rieures \u00e0 40.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco UCM et SME versions 11.x ant\u00e9rieures \u00e0 11.5(1)SU7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Mobility Express versions 8.9.x et 9.10.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Webex Meetings Server versions ant\u00e9rieures \u00e0 4.0MR2SecurityPatch3",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Wireless IP Phone 8821 et 8821-EX versions ant\u00e9rieures \u00e0 11.0(5)SR3",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions 8.9.x et 8.10.x ant\u00e9rieures \u00e0 8.10.121.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco WLC versions ant\u00e9rieures \u00e0 8.5.161.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Aironet Access Points Embedded Wireless Controller versions ant\u00e9rieures \u00e0 16.11.1b",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco IP Phone 7811, 7821, 7841 et 7861 versions ant\u00e9rieures \u00e0 11.7(1)",
"product": {
"name": "IP Phone",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3273",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3273"
},
{
"name": "CVE-2020-3251",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3251"
},
{
"name": "CVE-2020-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3161"
},
{
"name": "CVE-2020-3162",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3162"
},
{
"name": "CVE-2020-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3247"
},
{
"name": "CVE-2020-3249",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3249"
},
{
"name": "CVE-2020-3262",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3262"
},
{
"name": "CVE-2020-3240",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3240"
},
{
"name": "CVE-2016-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1421"
},
{
"name": "CVE-2020-3194",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3194"
},
{
"name": "CVE-2020-3261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3261"
},
{
"name": "CVE-2020-3243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3243"
},
{
"name": "CVE-2020-3250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3250"
},
{
"name": "CVE-2020-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3239"
},
{
"name": "CVE-2020-3260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3260"
},
{
"name": "CVE-2020-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3177"
},
{
"name": "CVE-2020-3252",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3252"
},
{
"name": "CVE-2020-3248",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3248"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-capwap-dos-Y2sD9uEw du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-capwap-dos-Y2sD9uEw"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-ucsd-mult-vulns-UNfpdW4E du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsd-mult-vulns-UNfpdW4E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-webex-player-Q7Rtgvby du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-Q7Rtgvby"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-mob-exp-csrf-b8tFec24 du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-cucm-taps-path-trav-pfsFO93r du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-taps-path-trav-pfsFO93r"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-airo-wpa-dos-5ZLs6ESz du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-airo-wpa-dos-5ZLs6ESz"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-voip-phones-rce-dos-rB6EeRXs du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iot-coap-dos-WTBu6YTq du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iot-coap-dos-WTBu6YTq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160609-ipp du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-wlc-gas-dos-8FsE3AWH du 15 avril 2020",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-gas-dos-8FsE3AWH"
}
]
}
CNVD-2016-03957
Vulnerability from cnvd - Published: 2016-06-13
用户可联系供应商获得补丁信息: http://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse
| Name | Cisco IP Phone 8800 11.0(1) |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-1421"
}
},
"description": "Cisco IP 8800 Series Phones\u662f\u6570\u5b57\u7535\u8bdd\u7cfb\u7edf\u4ea7\u54c1\u3002\r\n\r\nCisco IP 8800 Series Phones\u7684Web\u5e94\u7528\u672a\u6b63\u786e\u68c0\u67e5\u8f93\u5165\u6570\u636e\u7684\u5927\u5c0f\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u9020\u6210Web\u670d\u52a1\u5668\u8fdb\u7a0b\u505c\u6b62\u54cd\u5e94\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Cisco",
"formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityResponse",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-03957",
"openTime": "2016-06-13",
"patchDescription": "Cisco IP 8800 Series Phones\u662f\u6570\u5b57\u7535\u8bdd\u7cfb\u7edf\u4ea7\u54c1\u3002\r\n\r\nCisco IP 8800 Series Phones\u7684Web\u5e94\u7528\u672a\u6b63\u786e\u68c0\u67e5\u8f93\u5165\u6570\u636e\u7684\u5927\u5c0f\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u9020\u6210Web\u670d\u52a1\u5668\u8fdb\u7a0b\u505c\u6b62\u54cd\u5e94\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco IP 8800\u8bbe\u5907Web\u5e94\u7528\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Cisco IP Phone 8800 11.0(1)"
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp",
"serverity": "\u4e2d",
"submitTime": "2016-06-12",
"title": "Cisco IP 8800\u8bbe\u5907Web\u5e94\u7528\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
VAR-201606-0277
Vulnerability from variot - Updated: 2023-12-18 14:05
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. The vendor has confirmed this vulnerability and released it as Bug ID CSCuz03034. A crafted request from a third party could cause a service disruption (out-of-bounds memory access and a stopped web server). The Cisco IP8800 Series Phones are digital phone system products. The web application of the Cisco IP8800 Series Phones does not properly check the size of the input data. Due to the nature of this issue arbitrary code execution may be possible, but this has not been confirmed. This issue is being tracked by Cisco bug ID CSCuz03034. Cisco IP 8800 is a set of telephone products provided by Cisco in the United States that provides video and VoIP communication functions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0277",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip phone 8800 series",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8800 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "880011.0(1)"
},
{
"model": "ip phone",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "91134"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1421",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-1421",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-03957",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90240",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-1421",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1421",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-03957",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-224",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90240",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Vendors have confirmed this vulnerability Bug ID CSCuz03034 It is released as.Service disruption through a crafted request by a third party ( Memory out-of-bounds access and Web Stop the server ) There is a possibility of being put into a state. The Cisco IP8800 Series Phones are digital phone system products. The web application of the Cisco IP8800 Series Phones does not properly check the size of the input data. Due to the nature of this issue arbitrary code execution may be possible, but this has not been confirmed. \nThis issue is being tracked by Cisco bug ID CSCuz03034. Cisco IP 8800 is a set of telephone products provided by Cisco (Cisco) in the United States that provides video and VoIP communication functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "VULHUB",
"id": "VHN-90240"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1421",
"trust": 3.4
},
{
"db": "TENABLE",
"id": "TRA-2020-24",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-03957",
"trust": 0.6
},
{
"db": "BID",
"id": "91134",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90240",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"id": "VAR-201606-0277",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
}
],
"trust": 1.07675563
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
}
]
},
"last_update_date": "2023-12-18T14:05:57.203000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160609-ipp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-ipp"
},
{
"title": "Cisco IP8800 Device Web Application Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/77314"
},
{
"title": "Cisco IP 8800 Buffer Overflow Vulnerability Fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62179"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160609-ipp"
},
{
"trust": 1.7,
"url": "https://www.tenable.com/security/research/tra-2020-24"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1421"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1421"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"db": "VULHUB",
"id": "VHN-90240"
},
{
"db": "BID",
"id": "91134"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"date": "2016-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-90240"
},
{
"date": "2016-06-09T00:00:00",
"db": "BID",
"id": "91134"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"date": "2016-06-10T01:59:06.037000",
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"date": "2016-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03957"
},
{
"date": "2020-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90240"
},
{
"date": "2016-07-06T14:57:00",
"db": "BID",
"id": "91134"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003095"
},
{
"date": "2020-04-16T17:15:11.520000",
"db": "NVD",
"id": "CVE-2016-1421"
},
{
"date": "2020-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phone 8800 Device Web Service disruption in applications (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-224"
}
],
"trust": 0.6
}
}
GHSA-25QV-8M5R-8645
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
{
"affected": [],
"aliases": [
"CVE-2016-1421"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-06-10T01:59:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.",
"id": "GHSA-25qv-8m5r-8645",
"modified": "2022-05-13T01:27:14Z",
"published": "2022-05-13T01:27:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1421"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2020-24"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2016-1421
Vulnerability from gsd - Updated: 2023-12-13 01:21
{
"GSD": {
"alias": "CVE-2016-1421",
"description": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.",
"id": "GSD-2016-1421"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1421"
],
"details": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.",
"id": "GSD-2016-1421",
"modified": "2023-12-13T01:21:23.975331Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IP Phones",
"version": {
"version_data": [
{
"version_value": "11.7(1)"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-24",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2020-24"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1421"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
"refsource": "CISCO",
"tags": [],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"name": "https://www.tenable.com/security/research/tra-2020-24",
"refsource": "MISC",
"tags": [],
"url": "https://www.tenable.com/security/research/tra-2020-24"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-04-16T17:15Z",
"publishedDate": "2016-06-10T01:59Z"
}
}
}
FKIE_CVE-2016-1421
Vulnerability from fkie_nvd - Published: 2016-06-10 01:59 - Updated: 2025-04-12 10:46

| Source | URL | Tags |
|---|---|---|
| psirt@cisco.com | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp | Vendor Advisory |
| psirt@cisco.com | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp | |
| psirt@cisco.com | https://www.tenable.com/security/research/tra-2020-24 | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2020-24 | |

| Vendor | Product | Version |
|---|---|---|
| cisco | ip_phone | * |
| cisco | ip_phone_8800_series_firmware | 11.0\(1\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F0554B7-0160-4885-B366-ED2C15E7EAF7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la aplicaci\u00f3n web para los tel\u00e9fonos IP de Cisco podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo con privilegios de root o provoque una recarga de un tel\u00e9fono IP afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad existe porque el software afectado no puede verificar los l\u00edmites de los datos de entrada. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP especialmente dise\u00f1ada al servidor web de un dispositivo objetivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de forma remota con privilegios de root o causar una recarga de un tel\u00e9fono IP afectado, lo que provocar\u00eda una condici\u00f3n DoS."
}
],
"id": "CVE-2016-1421",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-10T01:59:06.037",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"source": "psirt@cisco.com",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"source": "psirt@cisco.com",
"url": "https://www.tenable.com/security/research/tra-2020-24"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2020-24"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.