cvelistv5 - cve-2016-6430

CVE-2016-6430 (GCVE-0-2016-6430)

Vulnerability from cvelistv5 – Published: 2016-11-03 21:00 – Updated: 2024-08-06 01:29

Summary

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/93919	vdb-entryx_refsource_BID
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco IP Interoperability and Collaboration System before 5.0(1)	Affected: Cisco IP Interoperability and Collaboration System before 5.0(1)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.141Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "93919",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93919"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Interoperability and Collaboration System before 5.0(1)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IP Interoperability and Collaboration System before 5.0(1)"
            }
          ]
        }
      ],
      "datePublic": "2016-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "93919",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93919"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6430",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Interoperability and Collaboration System before 5.0(1)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IP Interoperability and Collaboration System before 5.0(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "93919",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93919"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6430",
    "datePublished": "2016-11-03T21:00:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.141Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"567A84C2-6449-4CB3-887E-96D02DBEFBC1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.5\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70CB914A-0AC0-4F7A-BBDD-3A835BD74122\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.6\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F503681-F1F1-4337-8302-1F8EEBAFE03F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.7\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5762C908-0BE7-4F5F-94D0-CC262E4088D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C71D093A-19DD-4E9A-98F2-38FD7782CC01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08D3E0A1-16B2-4DD7-A4DA-809041E83DDC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45129EF0-B94E-48DA-AA63-0B2FC152FE48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"319FEEAF-8677-44C1-8FE1-1F046F2965E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE63D6EC-3CB7-46D1-B8E4-F618FB9D7466\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la interfaz de linea de comando del Cisco IP Interoperability y Collaboration System (IPICS) podr\\u00eda permitir a un atacante local autenticado elevar el nivel de privilegio asociado con su sesi\\u00f3n. M\\u00e1s informaci\\u00f3n: CSCva38636. Lanzamientos conocidos afectados: 4.10(1). Lanzamientos conocidos solucionados: 5.0(1).\"}]",
      "id": "CVE-2016-6430",
      "lastModified": "2024-11-21T02:56:06.920",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 2.7, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-11-03T21:59:01.310",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/93919\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/93919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6430\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-11-03T21:59:01.310\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de linea de comando del Cisco IP Interoperability y Collaboration System (IPICS) podr\u00eda permitir a un atacante local autenticado elevar el nivel de privilegio asociado con su sesi\u00f3n. M\u00e1s informaci\u00f3n: CSCva38636. Lanzamientos conocidos afectados: 4.10(1). Lanzamientos conocidos solucionados: 5.0(1).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:S/C:C/I:C/A:C\",\"baseScore\":6.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":2.7,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"567A84C2-6449-4CB3-887E-96D02DBEFBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.5\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70CB914A-0AC0-4F7A-BBDD-3A835BD74122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.6\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F503681-F1F1-4337-8302-1F8EEBAFE03F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.7\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5762C908-0BE7-4F5F-94D0-CC262E4088D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C71D093A-19DD-4E9A-98F2-38FD7782CC01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08D3E0A1-16B2-4DD7-A4DA-809041E83DDC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45129EF0-B94E-48DA-AA63-0B2FC152FE48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"319FEEAF-8677-44C1-8FE1-1F046F2965E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE63D6EC-3CB7-46D1-B8E4-F618FB9D7466\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/93919\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/93919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-2FPC-VHW2-6C3X

Vulnerability from github – Published: 2022-05-17 03:39 – Updated: 2022-05-17 03:39

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6430"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-03T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).",
  "id": "GHSA-2fpc-vhw2-6c3x",
  "modified": "2022-05-17T03:39:25Z",
  "published": "2022-05-17T03:39:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6430"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93919"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

VAR-201611-0157

Vulnerability from variot - Updated: 2023-12-18 12:37

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). Vendors have confirmed this vulnerability Bug ID CSCva38636 It is released as.Local users may be able to elevate the privileges associated with the session. A local attacker may exploit this issue to gain elevated privileges on the affected system. This issue is being tracked by Cisco Bug ID CSCva38636. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0157",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.7\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.8\\(2\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.8\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.9\\(2\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.10\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.0\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.9\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.6\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "4.5\\(1\\)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "4.10(1)"
      },
      {
        "model": "ip interoperability and collaboration system",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.7\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco.",
    "sources": [
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6430",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 2.7,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-6430",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 2.7,
            "id": "VHN-95250",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6430",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6430",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-771",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95250",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6430",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). Vendors have confirmed this vulnerability Bug ID CSCva38636 It is released as.Local users may be able to elevate the privileges associated with the session. \nA local attacker may exploit  this issue to gain elevated privileges on the  affected system. \nThis issue is being tracked by Cisco Bug ID CSCva38636. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6430"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6430",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "93919",
        "trust": 2.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95250",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6430",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "id": "VAR-201611-0157",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:37:39.982000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161026-ipics2",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics2"
      },
      {
        "title": "Cisco IP Interoperability and Collaboration System Repair measures for privilege escalation",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65124"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics2"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/93919"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6430"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6430"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "date": "2016-11-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "date": "2016-10-26T00:00:00",
        "db": "BID",
        "id": "93919"
      },
      {
        "date": "2016-11-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "date": "2016-11-03T21:59:01.310000",
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "date": "2016-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95250"
      },
      {
        "date": "2016-11-28T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6430"
      },
      {
        "date": "2016-11-24T05:04:00",
        "db": "BID",
        "id": "93919"
      },
      {
        "date": "2016-11-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      },
      {
        "date": "2016-11-28T20:32:40.903000",
        "db": "NVD",
        "id": "CVE-2016-6430"
      },
      {
        "date": "2016-11-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "93919"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco IP Interoperability and Collaboration System Elevated privilege vulnerability in the command line interface",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005729"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-771"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2016-10391

Vulnerability from cnvd - Published: 2016-10-31

Title

Cisco IP Interoperability and Collaboration System本地权限提升漏洞

Description

Cisco IP Interoperability and Collaboration System是一套基于IP标准可以在不同系统中提供声音互操作性的解决方案。 Cisco IP Interoperability and Collaboration System命令行CLI存在本地权限提升漏洞，允许本地攻击者利用漏洞提升权限。

Severity

中

Patch Name

Cisco IP Interoperability and Collaboration System本地权限提升漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2

Reference

http://www.securityfocus.com/bid/93919

Impacted products

Name
Cisco IP Interoperability and Collaboration System

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "93919"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6430"
    }
  },
  "description": "Cisco IP Interoperability and Collaboration System\u662f\u4e00\u5957\u57fa\u4e8eIP\u6807\u51c6\u53ef\u4ee5\u5728\u4e0d\u540c\u7cfb\u7edf\u4e2d\u63d0\u4f9b\u58f0\u97f3\u4e92\u64cd\u4f5c\u6027\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco IP Interoperability and Collaboration System\u547d\u4ee4\u884cCLI\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10391",
  "openTime": "2016-10-31",
  "patchDescription": "Cisco IP Interoperability and Collaboration System\u662f\u4e00\u5957\u57fa\u4e8eIP\u6807\u51c6\u53ef\u4ee5\u5728\u4e0d\u540c\u7cfb\u7edf\u4e2d\u63d0\u4f9b\u58f0\u97f3\u4e92\u64cd\u4f5c\u6027\u7684\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco IP Interoperability and Collaboration System\u547d\u4ee4\u884cCLI\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u5141\u8bb8\u672c\u5730\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IP Interoperability and Collaboration System\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco IP Interoperability and Collaboration System"
  },
  "referenceLink": "http://www.securityfocus.com/bid/93919",
  "serverity": "\u4e2d",
  "submitTime": "2016-10-27",
  "title": "Cisco IP Interoperability and Collaboration System\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CERTFR-2016-AVI-363

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IPICS versions antérieures à 4.10(2)
Cisco	N/A	Cisco AsyncOS toutes versions sans le dernier correctif de sécurité
Cisco	N/A	Cisco Email Security Appliance (ESA) sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20161026-ipics2 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa6 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa3 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa5 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa2 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-ipics du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa3 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa2 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa1 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa1 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa1 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa5 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-ipics2 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa1 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa2 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa3 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa2 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa6 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa3 du 26 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IPICS versions ant\u00e9rieures \u00e0 4.10(2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Email Security Appliance (ESA) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6372"
    },
    {
      "name": "CVE-2016-6357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6357"
    },
    {
      "name": "CVE-2016-6358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6358"
    },
    {
      "name": "CVE-2016-6360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6360"
    },
    {
      "name": "CVE-2016-1480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1480"
    },
    {
      "name": "CVE-2016-6430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6430"
    },
    {
      "name": "CVE-2016-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6356"
    },
    {
      "name": "CVE-2016-6397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6397"
    },
    {
      "name": "CVE-2016-1481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1481"
    },
    {
      "name": "CVE-2016-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1486"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa1 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa5 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-ipics2 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa1 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa2 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 26 octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa3 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa2 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa6 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa3 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3"
    }
  ],
  "reference": "CERTFR-2016-AVI-363",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-ipics2 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa6 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa3 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa5 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa2 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-ipics du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa3 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa2 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa1 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa1 du 26 octobre 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-363

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco IPICS versions antérieures à 4.10(2)
Cisco	N/A	Cisco AsyncOS toutes versions sans le dernier correctif de sécurité
Cisco	N/A	Cisco Email Security Appliance (ESA) sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20161026-ipics2 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa6 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa3 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa5 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa2 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-ipics du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa3 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa2 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esa1 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa1 du 26 octobre 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa1 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa5 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-ipics2 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa1 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa2 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa3 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa2 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esa6 du 26 octobre 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20161026-esawsa3 du 26 octobre 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco IPICS versions ant\u00e9rieures \u00e0 4.10(2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Email Security Appliance (ESA) sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-6372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6372"
    },
    {
      "name": "CVE-2016-6357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6357"
    },
    {
      "name": "CVE-2016-6358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6358"
    },
    {
      "name": "CVE-2016-6360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6360"
    },
    {
      "name": "CVE-2016-1480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1480"
    },
    {
      "name": "CVE-2016-6430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6430"
    },
    {
      "name": "CVE-2016-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6356"
    },
    {
      "name": "CVE-2016-6397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6397"
    },
    {
      "name": "CVE-2016-1481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1481"
    },
    {
      "name": "CVE-2016-1486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1486"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa1 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa5 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa5"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-ipics2 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa1 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa2 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco du 26 octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa3 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa2 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa6 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esa6"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa3 du 26    octobre 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-esawsa3"
    }
  ],
  "reference": "CERTFR-2016-AVI-363",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-ipics2 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa6 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa3 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa5 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa2 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-ipics du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa3 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa2 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esa1 du 26 octobre 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20161026-esawsa1 du 26 octobre 2016",
      "url": null
    }
  ]
}

GSD-2016-6430

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6430

Aliases

CVE-2016-6430

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6430",
    "description": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).",
    "id": "GSD-2016-6430"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6430"
      ],
      "details": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).",
      "id": "GSD-2016-6430",
      "modified": "2023-12-13T01:21:22.963291Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6430",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco IP Interoperability and Collaboration System before 5.0(1)",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco IP Interoperability and Collaboration System before 5.0(1)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "93919",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/93919"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.7\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6430"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
            },
            {
              "name": "93919",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/93919"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 2.7,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-11-28T20:32Z",
      "publishedDate": "2016-11-03T21:59Z"
    }
  }
}

FKIE_CVE-2016-6430

Vulnerability from fkie_nvd - Published: 2016-11-03 21:59 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/93919
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/93919
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ip_interoperability_and_collaboration_system	4.0\(1\)
cisco	ip_interoperability_and_collaboration_system	4.5\(1\)
cisco	ip_interoperability_and_collaboration_system	4.6\(1\)
cisco	ip_interoperability_and_collaboration_system	4.7\(1\)
cisco	ip_interoperability_and_collaboration_system	4.8\(1\)
cisco	ip_interoperability_and_collaboration_system	4.8\(2\)
cisco	ip_interoperability_and_collaboration_system	4.9\(1\)
cisco	ip_interoperability_and_collaboration_system	4.9\(2\)
cisco	ip_interoperability_and_collaboration_system	4.10\(1\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "567A84C2-6449-4CB3-887E-96D02DBEFBC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "70CB914A-0AC0-4F7A-BBDD-3A835BD74122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8F503681-F1F1-4337-8302-1F8EEBAFE03F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.7\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5762C908-0BE7-4F5F-94D0-CC262E4088D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C71D093A-19DD-4E9A-98F2-38FD7782CC01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "08D3E0A1-16B2-4DD7-A4DA-809041E83DDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "45129EF0-B94E-48DA-AA63-0B2FC152FE48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "319FEEAF-8677-44C1-8FE1-1F046F2965E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FE63D6EC-3CB7-46D1-B8E4-F618FB9D7466",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de linea de comando del Cisco IP Interoperability y Collaboration System (IPICS) podr\u00eda permitir a un atacante local autenticado elevar el nivel de privilegio asociado con su sesi\u00f3n. M\u00e1s informaci\u00f3n: CSCva38636. Lanzamientos conocidos afectados: 4.10(1). Lanzamientos conocidos solucionados: 5.0(1)."
    }
  ],
  "id": "CVE-2016-6430",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 2.7,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-03T21:59:01.310",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/93919"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/93919"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6430 (GCVE-0-2016-6430)

GHSA-2FPC-VHW2-6C3X

VAR-201611-0157

CNVD-2016-10391

CERTFR-2016-AVI-363

Solution

CERTFR-2016-AVI-363

Solution

GSD-2016-6430

FKIE_CVE-2016-6430

Tags

Sightings

Nomenclature