cvelistv5 - cve-2016-6459

CVE-2016-6459 (GCVE-0-2016-6459)

Vulnerability from cvelistv5 – Published: 2016-11-19 02:45 – Updated: 2024-08-06 01:29

Summary

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

cisco

References

URL

Tags

	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/94075	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1037187	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	n/a	Cisco TelePresence CE and TC 8.1.x	Affected: Cisco TelePresence CE and TC 8.1.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:29:20.162Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
          },
          {
            "name": "94075",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94075"
          },
          {
            "name": "1037187",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037187"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco TelePresence CE and TC 8.1.x",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco TelePresence CE and TC 8.1.x"
            }
          ]
        }
      ],
      "datePublic": "2016-11-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
        },
        {
          "name": "94075",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94075"
        },
        {
          "name": "1037187",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037187"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6459",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco TelePresence CE and TC 8.1.x",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco TelePresence CE and TC 8.1.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
            },
            {
              "name": "94075",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94075"
            },
            {
              "name": "1037187",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037187"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-6459",
    "datePublished": "2016-11-19T02:45:00",
    "dateReserved": "2016-07-26T00:00:00",
    "dateUpdated": "2024-08-06T01:29:20.162Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"873E6F91-E3A8-4B6F-87F0-2FC843A0521F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5ACE9AFC-B520-44A9-90E9-0921AA25FA4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"383A9D84-B1CA-42E1-B863-42B7F30A0DE8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6E1EDB9-0C99-4067-BA23-94EA3225C0D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF5B5124-D5AF-46E4-81DF-A63DB4A3141D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24F58A78-36B5-4CF0-B71D-DF451479F451\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B87019A-1277-483E-AAD1-17A53FAD7121\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C3501B65-DF7C-4E58-894A-E0280A68DA62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"35BCB121-C70F-44BC-80EE-415BDCF0E3FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7217AEE6-8BE5-46AC-8972-F7BDD1E48B3F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_tc_software:8.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBF60AFA-2B8A-4810-8E7C-E80E5294DCC6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.\"}, {\"lang\": \"es\", \"value\": \"Los puntos finales de Cisco TelePresence que ejecutan cualquiera de los software CE o TC contienen una vulnerabilidad que podr\\u00eda permitir a un atacante local autenticado ejecutar una inyecci\\u00f3n de comando shell local. M\\u00e1s informaci\\u00f3n: CSCvb25010. Lanzamientos conocidos afectados: 8.1.x. Lanzamientos conocidos solucionados: 6.3.4 7.3.7 8.2.2 8.3.0.\"}]",
      "id": "CVE-2016-6459",
      "lastModified": "2024-11-21T02:56:10.413",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:N/A:N\", \"baseScore\": 4.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-11-19T03:03:02.507",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/94075\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id/1037187\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1037187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-6459\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2016-11-19T03:03:02.507\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.\"},{\"lang\":\"es\",\"value\":\"Los puntos finales de Cisco TelePresence que ejecutan cualquiera de los software CE o TC contienen una vulnerabilidad que podr\u00eda permitir a un atacante local autenticado ejecutar una inyecci\u00f3n de comando shell local. M\u00e1s informaci\u00f3n: CSCvb25010. Lanzamientos conocidos afectados: 8.1.x. Lanzamientos conocidos solucionados: 6.3.4 7.3.7 8.2.2 8.3.0.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":4.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"873E6F91-E3A8-4B6F-87F0-2FC843A0521F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ACE9AFC-B520-44A9-90E9-0921AA25FA4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"383A9D84-B1CA-42E1-B863-42B7F30A0DE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E1EDB9-0C99-4067-BA23-94EA3225C0D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF5B5124-D5AF-46E4-81DF-A63DB4A3141D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24F58A78-36B5-4CF0-B71D-DF451479F451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B87019A-1277-483E-AAD1-17A53FAD7121\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3501B65-DF7C-4E58-894A-E0280A68DA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35BCB121-C70F-44BC-80EE-415BDCF0E3FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7217AEE6-8BE5-46AC-8972-F7BDD1E48B3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_tc_software:8.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBF60AFA-2B8A-4810-8E7C-E80E5294DCC6\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/94075\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id/1037187\",\"source\":\"psirt@cisco.com\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1037187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2016-10637

Vulnerability from cnvd - Published: 2016-11-07

Title

Cisco TelePresence Endpoints本地命令注入漏洞

Description

Cisco TelePresence Endpoints是一种全新的系统技术，它结合思科在智能化IP网络、统一通信、超高清IP视频（达点击此处添加图片说明1080p解析度）、空间IP音频、交互式协同组件、数字电影、灯光环境、人体工程等领域一系列的技术突破及集成技术，成功进行了系统性创新，实现跨越空间和技术障碍的真实体验。 Cisco TelePresence Endpoints存在本地命令注入漏洞。攻击者可以利用该漏洞获得权限提升执行任意代码。

Severity

中

Formal description

目前没有详细解决方案提供： http://www.cisco.com/

Reference

http://www.securityfocus.com/bid/94075 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp

Impacted products

Name
['Cisco TelePresence CE Software 0', 'Cisco TelePresence TC Software 0']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "94075"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-6459"
    }
  },
  "description": "Cisco TelePresence Endpoints\u662f\u4e00\u79cd\u5168\u65b0\u7684\u7cfb\u7edf\u6280\u672f\uff0c\u5b83\u7ed3\u5408\u601d\u79d1\u5728\u667a\u80fd\u5316IP\u7f51\u7edc\u3001\u7edf\u4e00\u901a\u4fe1\u3001\u8d85\u9ad8\u6e05IP\u89c6\u9891\uff08\u8fbe\u70b9\u51fb\u6b64\u5904\u6dfb\u52a0\u56fe\u7247\u8bf4\u660e1080p\u89e3\u6790\u5ea6\uff09\u3001\u7a7a\u95f4IP\u97f3\u9891\u3001\u4ea4\u4e92\u5f0f\u534f\u540c\u7ec4\u4ef6\u3001\u6570\u5b57\u7535\u5f71\u3001\u706f\u5149\u73af\u5883\u3001\u4eba\u4f53\u5de5\u7a0b\u7b49\u9886\u57df\u4e00\u7cfb\u5217\u7684\u6280\u672f\u7a81\u7834\u53ca\u96c6\u6210\u6280\u672f\uff0c\u6210\u529f\u8fdb\u884c\u4e86\u7cfb\u7edf\u6027\u521b\u65b0\uff0c\u5b9e\u73b0\u8de8\u8d8a\u7a7a\u95f4\u548c\u6280\u672f\u969c\u788d\u7684\u771f\u5b9e\u4f53\u9a8c\u3002\r\n\r\nCisco TelePresence Endpoints\u5b58\u5728\u672c\u5730\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u5f97\u6743\u9650\u63d0\u5347\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttp://www.cisco.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-10637",
  "openTime": "2016-11-07",
  "products": {
    "product": [
      "Cisco TelePresence CE Software 0",
      "Cisco TelePresence TC Software 0"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/94075\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp",
  "serverity": "\u4e2d",
  "submitTime": "2016-11-04",
  "title": "Cisco TelePresence Endpoints\u672c\u5730\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

VAR-201611-0168

Vulnerability from variot - Updated: 2023-12-18 13:19

Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. Vendors have confirmed this vulnerability Bug ID CSCvb25010 It is released as.A local attacker could insert local shell commands. Cisco TelePresence Endpoints is prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. This issue is being tracked by Cisco Bug ID CSCvb25010

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0168",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.1.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.1.1"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.1.2"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.1.4"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.1"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "cisco",
        "version": "7.3.3"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "7.3.2"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.1.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.0.0"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.0.0"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.1.0"
      },
      {
        "model": "telepresence tc software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "telepresence ce software",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-6459",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2016-6459",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-95279",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2016-6459",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6459",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-022",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95279",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-6459",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0. Vendors have confirmed this vulnerability Bug ID CSCvb25010 It is released as.A local attacker could insert local shell commands. Cisco TelePresence Endpoints is prone to a local command-injection vulnerability. \nA local attacker can exploit this issue to execute arbitrary commands with elevated privileges. Successful exploits may compromise the affected device. \nThis issue is being tracked by Cisco Bug ID CSCvb25010",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6459"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6459",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "94075",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1037187",
        "trust": 1.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-95279",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6459",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "id": "VAR-201611-0168",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:19:39.120000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161102-tp",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-tp"
      },
      {
        "title": "Cisco TelePresence Endpoint Fixes for local command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65299"
      },
      {
        "title": "Cisco TelePresence Endpoint Fixes for local command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65448"
      },
      {
        "title": "Symantec Security Advisories: SA147 : March 2017 NTP Security Vulnerabilities",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=7d6a7035af520037b0eb5fc69b3c488f"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-tp"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/94075"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1037187"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6459"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6459"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/vulnerabilities/cisco-telepresence-cve-2016-6459"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
      },
      {
        "trust": 0.1,
        "url": "https://support.symantec.com/en_us/article.symsa1403.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "date": "2016-11-19T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "date": "2016-11-02T00:00:00",
        "db": "BID",
        "id": "94075"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "date": "2016-11-19T03:03:02.507000",
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "date": "2016-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95279"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-6459"
      },
      {
        "date": "2016-11-24T01:07:00",
        "db": "BID",
        "id": "94075"
      },
      {
        "date": "2016-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      },
      {
        "date": "2017-07-29T01:34:18.740000",
        "db": "NVD",
        "id": "CVE-2016-6459"
      },
      {
        "date": "2016-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "94075"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence TC Or  CE The software runs  TelePresence Local shell command injection vulnerability in endpoint",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005910"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-022"
      }
    ],
    "trust": 0.6
  }
}

GSD-2016-6459

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-6459

Aliases

CVE-2016-6459

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-6459",
    "description": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.",
    "id": "GSD-2016-6459"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-6459"
      ],
      "details": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.",
      "id": "GSD-2016-6459",
      "modified": "2023-12-13T01:21:23.333961Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-6459",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco TelePresence CE and TC 8.1.x",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco TelePresence CE and TC 8.1.x"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
          },
          {
            "name": "94075",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94075"
          },
          {
            "name": "1037187",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037187"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:8.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:8.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-6459"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
            },
            {
              "name": "94075",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/94075"
            },
            {
              "name": "1037187",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037187"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-07-29T01:34Z",
      "publishedDate": "2016-11-19T03:03Z"
    }
  }
}

FKIE_CVE-2016-6459

Vulnerability from fkie_nvd - Published: 2016-11-19 03:03 - Updated: 2025-04-12 10:46

Severity ?

5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/94075
psirt@cisco.com	http://www.securitytracker.com/id/1037187
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94075
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037187
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	telepresence_tc_software	7.1.0
cisco	telepresence_tc_software	7.1.1
cisco	telepresence_tc_software	7.1.2
cisco	telepresence_tc_software	7.1.3
cisco	telepresence_tc_software	7.1.4
cisco	telepresence_tc_software	7.3.0
cisco	telepresence_tc_software	7.3.1
cisco	telepresence_tc_software	7.3.2
cisco	telepresence_tc_software	7.3.3
cisco	telepresence_tc_software	8.0.0
cisco	telepresence_tc_software	8.1.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "873E6F91-E3A8-4B6F-87F0-2FC843A0521F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ACE9AFC-B520-44A9-90E9-0921AA25FA4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "383A9D84-B1CA-42E1-B863-42B7F30A0DE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E1EDB9-0C99-4067-BA23-94EA3225C0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF5B5124-D5AF-46E4-81DF-A63DB4A3141D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F58A78-36B5-4CF0-B71D-DF451479F451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B87019A-1277-483E-AAD1-17A53FAD7121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3501B65-DF7C-4E58-894A-E0280A68DA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BCB121-C70F-44BC-80EE-415BDCF0E3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7217AEE6-8BE5-46AC-8972-F7BDD1E48B3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBF60AFA-2B8A-4810-8E7C-E80E5294DCC6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0."
    },
    {
      "lang": "es",
      "value": "Los puntos finales de Cisco TelePresence que ejecutan cualquiera de los software CE o TC contienen una vulnerabilidad que podr\u00eda permitir a un atacante local autenticado ejecutar una inyecci\u00f3n de comando shell local. M\u00e1s informaci\u00f3n: CSCvb25010. Lanzamientos conocidos afectados: 8.1.x. Lanzamientos conocidos solucionados: 6.3.4 7.3.7 8.2.2 8.3.0."
    }
  ],
  "id": "CVE-2016-6459",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-11-19T03:03:02.507",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securityfocus.com/bid/94075"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1037187"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/94075"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-J33X-PV47-V562

Vulnerability from github – Published: 2022-05-17 02:22 – Updated: 2022-05-17 02:22

Details

Severity ?

5.5 (Medium)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-6459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-11-19T03:03:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco TelePresence endpoints running either CE or TC software contain a vulnerability that could allow an authenticated, local attacker to execute a local shell command injection. More Information: CSCvb25010. Known Affected Releases: 8.1.x. Known Fixed Releases: 6.3.4 7.3.7 8.2.2 8.3.0.",
  "id": "GHSA-j33x-pv47-v562",
  "modified": "2022-05-17T02:22:44Z",
  "published": "2022-05-17T02:22:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6459"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161102-tp"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94075"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037187"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-6459 (GCVE-0-2016-6459)

CNVD-2016-10637

VAR-201611-0168

GSD-2016-6459

FKIE_CVE-2016-6459

GHSA-J33X-PV47-V562

Tags

Sightings

Nomenclature