VAR-201610-0266
Vulnerability from variot - Updated: 2023-12-18 13:44A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). Vendors have confirmed this vulnerability Bug ID CSCva46644 It is released as.By a third party UMS The setting parameters of the system may be changed and the system may become unusable. Cisco IP Interoperability and Collaboration System is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug ID CSCva46644. Cisco IP Interoperability and Collaboration System 4.8(1) through 4.10(1) are vulnerable. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents. An authentication bypass vulnerability exists in Cisco IPICS Versions 4.8(1) through 4.10(1) of Universal Media Services
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0266",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.8\\(2\\)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.9\\(1\\)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.8\\(1\\)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.9\\(2\\)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.10\\(1\\)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.8(1) to 4.10(1)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.8(1)"
},
{
"model": "ip interoperability and collaboration system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "4.10(1)"
}
],
"sources": [
{
"db": "BID",
"id": "93913"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.8\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.10\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:ip_interoperability_and_collaboration_system:4.9\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6397"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93913"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
],
"trust": 0.9
},
"cve": "CVE-2016-6397",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-6397",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95217",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-6397",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6397",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-769",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95217",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6397",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95217"
},
{
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). Vendors have confirmed this vulnerability Bug ID CSCva46644 It is released as.By a third party UMS The setting parameters of the system may be changed and the system may become unusable. Cisco IP Interoperability and Collaboration System is prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThis issue is being tracked by Cisco Bug ID CSCva46644. \nCisco IP Interoperability and Collaboration System 4.8(1) through 4.10(1) are vulnerable. The solution supports the simplification of radio dispatching operations and improves the ability to respond to accidents, emergencies, and facility incidents. An authentication bypass vulnerability exists in Cisco IPICS Versions 4.8(1) through 4.10(1) of Universal Media Services",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "BID",
"id": "93913"
},
{
"db": "VULHUB",
"id": "VHN-95217"
},
{
"db": "VULMON",
"id": "CVE-2016-6397"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6397",
"trust": 2.9
},
{
"db": "BID",
"id": "93913",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95217",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6397",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95217"
},
{
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"db": "BID",
"id": "93913"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"id": "VAR-201610-0266",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95217"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:44:12.023000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161026-ipics",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics"
},
{
"title": "Cisco IP Interoperability and Collaboration System Fixes for authentication bypassing vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65122"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95217"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "NVD",
"id": "CVE-2016-6397"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161026-ipics"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/93913"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6397"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6397"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-vulnerability-in-facility-events-response-system/121626/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95217"
},
{
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"db": "BID",
"id": "93913"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95217"
},
{
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"db": "BID",
"id": "93913"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95217"
},
{
"date": "2016-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"date": "2016-10-26T00:00:00",
"db": "BID",
"id": "93913"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"date": "2016-10-28T10:59:12.433000",
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"date": "2016-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95217"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6397"
},
{
"date": "2016-11-24T01:04:00",
"db": "BID",
"id": "93913"
},
{
"date": "2016-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005653"
},
{
"date": "2016-11-28T20:32:10.117000",
"db": "NVD",
"id": "CVE-2016-6397"
},
{
"date": "2016-10-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IPICS of UMS In the device-to-device communication interface UMS Vulnerability to change configuration parameters",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005653"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-769"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…