var-201610-0277
Vulnerability from variot
The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuy75027 and CSCuy81653. By accessing an unspecified web page, a third party may be able to create a user account. Successful exploits may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCuy75027 and CSCuy81653. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a web-based reporting platform. A remote attacker could exploit this vulnerability by visiting a page to create user accounts. The record below carries NVD scores of CVSS v2 4.3 (Medium) and CVSS v3.0 7.5 (High), classifies the issue as CWE-20 (input validation), and lists Cisco advisory cisco-sa-20161005-ucis2 as the patch reference.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0277", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "unified contact center express", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "10.5\\(1\\)" }, { "model": "unified intelligence center", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "9.0\\(2\\)" }, { "model": "unified intelligence 
center", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "9.1\\(1\\)" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "10.6\\(1\\)" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "11.0\\(1\\)" }, { "model": "unified intelligence center", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "8.5.4" }, { "model": "unified contact center express", "scope": "eq", "trust": 1.6, "vendor": "cisco", "version": "10.0\\(1\\)" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "10.0(1) to 11.0(1)" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.8, "vendor": "cisco", "version": "8.5.4 to 9.1(1)" }, { "model": "unified intelligence center", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified contact center express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" } ], "sources": [ { "db": "BID", "id": "93420" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "NVD", "id": "CVE-2016-6426" }, { "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2016-6426" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco", "sources": [ { "db": "BID", "id": "93420" } ], "trust": 0.3 }, "cve": "CVE-2016-6426", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": 
null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6426", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-95246", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2016-6426", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2016-6426", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201610-081", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": 
"VHN-95246", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-95246" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "NVD", "id": "CVE-2016-6426" }, { "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. Vendors have confirmed this vulnerability Bug ID CSCuy75027 ,and CSCuy81653 It is released as.Unspecified by a third party Web By accessing the page, a user account may be created. \nSuccessful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug IDs CSCuy75027 and CSCuy81653. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a set of web-based reporting platform. 
A remote attacker could exploit this vulnerability by visiting a page to create user accounts", "sources": [ { "db": "NVD", "id": "CVE-2016-6426" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "BID", "id": "93420" }, { "db": "VULHUB", "id": "VHN-95246" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2016-6426", "trust": 2.8 }, { "db": "SECTRACK", "id": "1036952", "trust": 1.7 }, { "db": "BID", "id": "93420", "trust": 1.4 }, { "db": "JVNDB", "id": "JVNDB-2016-005163", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201610-081", "trust": 0.7 }, { "db": "VULHUB", "id": "VHN-95246", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-95246" }, { "db": "BID", "id": "93420" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "NVD", "id": "CVE-2016-6426" }, { "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "id": "VAR-201610-0277", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-95246" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T12:37:41.813000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "cisco-sa-20161005-ucis2", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis2" }, { "title": "Cisco Unified Intelligence Center Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64509" } ], "sources": [ { "db": "JVNDB", "id": 
"JVNDB-2016-005163" }, { "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-95246" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "NVD", "id": "CVE-2016-6426" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis2" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/93420" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1036952" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6426" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6426" }, { "trust": 0.6, "url": "http://securitytracker.com/id/1036952" }, { "trust": 0.3, "url": "http://www.cisco.com/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-95246" }, { "db": "BID", "id": "93420" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "NVD", "id": "CVE-2016-6426" }, { "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-95246" }, { "db": "BID", "id": "93420" }, { "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "db": "NVD", "id": "CVE-2016-6426" }, { "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-10-05T00:00:00", 
"db": "VULHUB", "id": "VHN-95246" }, { "date": "2016-10-05T00:00:00", "db": "BID", "id": "93420" }, { "date": "2016-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "date": "2016-10-05T21:59:00.180000", "db": "NVD", "id": "CVE-2016-6426" }, { "date": "2016-10-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-07-30T00:00:00", "db": "VULHUB", "id": "VHN-95246" }, { "date": "2016-10-10T00:05:00", "db": "BID", "id": "93420" }, { "date": "2016-10-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2016-005163" }, { "date": "2017-07-30T01:29:13.130000", "db": "NVD", "id": "CVE-2016-6426" }, { "date": "2016-10-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201610-081" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-081" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Unified Contact Center Express Used in Unified Intelligence Center Vulnerable to user account creation", "sources": [ { "db": "JVNDB", "id": "JVNDB-2016-005163" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201610-081" } ], "trust": 0.6 } }