VAR-201607-0006
Vulnerability from variot - Updated: 2023-12-18 12:51The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231. Multiple Cisco Products are prone to an authentication-bypass vulnerability. Attackers can exploit this issue to upload malicious code on the server or disclose sensitive information. This issue is being tracked by Cisco Bug ID's CSCuv56851 CSCuy10231 CSCuz01475 and CSCuz01505. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A security vulnerability exists in the APIs of Cisco PI and EPNM
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.1"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.1.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.3.0.20"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.0.45"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.4.1"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.3"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2\\(2\\)"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.2.0.103"
},
{
"model": "evolved programmable network manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2 to 3.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.4.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.3.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.2.0"
},
{
"model": "prime infrastructure",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was found and reported to Cisco by Daniel Jensen from Security-Assessment.com.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1289",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-1289",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90108",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-1289",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1289",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-654",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90108",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90108"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved Programmable Network Manager (EPNM) 1.2 allows remote attackers to execute arbitrary code or obtain sensitive management information via a crafted HTTP request, as demonstrated by discovering managed-device credentials, aka Bug ID CSCuy10231. Multiple Cisco Products are prone to an authentication-bypass vulnerability. \nAttackers can exploit this issue to upload malicious code on the server or disclose sensitive information. \nThis issue is being tracked by Cisco Bug ID\u0027s CSCuv56851 CSCuy10231 CSCuz01475 and CSCuz01505. PI is a set of wireless management solutions through Cisco Prime LAN Management Solution (LMS) and Cisco Prime Network Control System (NCS) technologies; EPNM is a set of network management solutions. A security vulnerability exists in the APIs of Cisco PI and EPNM",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "BID",
"id": "91504"
},
{
"db": "VULHUB",
"id": "VHN-90108"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1289",
"trust": 2.8
},
{
"db": "BID",
"id": "91504",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1036195",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90108",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90108"
},
{
"db": "BID",
"id": "91504"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"id": "VAR-201607-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90108"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:31.560000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160629-piauthbypass",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-piauthbypass"
},
{
"title": "Cisco Prime Infrastructure and Evolved Programmable Network Manager API Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62563"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90108"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "NVD",
"id": "CVE-2016-1289"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/91504"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160629-piauthbypass"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036195"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1289"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1289"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90108"
},
{
"db": "BID",
"id": "91504"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90108"
},
{
"db": "BID",
"id": "91504"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-90108"
},
{
"date": "2016-06-29T00:00:00",
"db": "BID",
"id": "91504"
},
{
"date": "2016-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"date": "2016-07-02T14:59:06.100000",
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"date": "2016-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-90108"
},
{
"date": "2016-07-06T15:10:00",
"db": "BID",
"id": "91504"
},
{
"date": "2016-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003413"
},
{
"date": "2019-07-29T17:47:15.557000",
"db": "NVD",
"id": "CVE-2016-1289"
},
{
"date": "2019-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Infrastructure and Evolved Programmable Network Manager of API Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003413"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-654"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…