var-201609-0315
Vulnerability from variot
Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. Cisco Fog Director for IOx is an automated management platform based on IOx (an end-to-end application support system that provides application hosting capabilities) for centralized management of multiple applications running on the edge of the network. The platform controls application settings and lifecycles, and supports access and monitoring of large-scale IoT deployments. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuz89368
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fog director",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.0\\(0\\)"
},
{
"model": "fog director",
"scope": "eq",
"trust": 1.4,
"vendor": "cisco",
"version": "1.0(0)"
},
{
"model": "fog director",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "BID",
"id": "92958"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:fog_director:1.0\\(0\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6405"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "92958"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6405",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-6405",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07813",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-95225",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-6405",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6405",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2016-07813",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201609-347",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95225",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "VULHUB",
"id": "VHN-95225"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to bypass intended access restrictions and write to arbitrary files via the Cartridge interface, aka Bug ID CSCuz89368. Cisco Fog Director for IOx is an automated management platform based on IOx (an end-to-end application support system that provides application hosting capabilities) for centralized management of multiple applications running on the edge of the network. The platform controls application settings and lifecycles, and supports access and monitoring of large-scale IoT deployments. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuz89368",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
},
{
"db": "BID",
"id": "92958"
},
{
"db": "VULHUB",
"id": "VHN-95225"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6405",
"trust": 3.4
},
{
"db": "BID",
"id": "92958",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-07813",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-95225",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "VULHUB",
"id": "VHN-95225"
},
{
"db": "BID",
"id": "92958"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"id": "VAR-201609-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "VULHUB",
"id": "VHN-95225"
}
],
"trust": 1.12424244
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
}
]
},
"last_update_date": "2023-12-18T14:05:56.540000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160914-ioxfd",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160914-ioxfd"
},
{
"title": "Patch for Cisco Fog Director for IOx Arbitrary File Writing Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81550"
},
{
"title": "Cisco Fog Director for IOx Fixes for arbitrary file write vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64146"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95225"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "NVD",
"id": "CVE-2016-6405"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160914-ioxfd"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92958"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6405"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6405"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "VULHUB",
"id": "VHN-95225"
},
{
"db": "BID",
"id": "92958"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"db": "VULHUB",
"id": "VHN-95225"
},
{
"db": "BID",
"id": "92958"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"date": "2016-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-95225"
},
{
"date": "2016-09-14T00:00:00",
"db": "BID",
"id": "92958"
},
{
"date": "2016-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"date": "2016-09-18T22:59:14.813000",
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07813"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95225"
},
{
"date": "2016-09-14T00:00:00",
"db": "BID",
"id": "92958"
},
{
"date": "2016-09-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004796"
},
{
"date": "2016-11-28T20:32:17.710000",
"db": "NVD",
"id": "CVE-2016-6405"
},
{
"date": "2016-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOx of Fog Director Vulnerable to access restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004796"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201609-347"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.