VAR-201610-0277

Vulnerability from variot - Updated: 2023-12-18 12:37

The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuy75027 and CSCuy81653. A third party may be able to create a user account by accessing an unspecified web page. Successful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. This issue is tracked by Cisco Bug IDs CSCuy75027 and CSCuy81653. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a web-based reporting platform. A remote attacker could exploit this vulnerability by visiting a page to create user accounts. For triage, the record below classifies the issue as CWE-20 (input validation), carries an NVD CVSS v3.0 vector of AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (base score 7.5), and lists Cisco advisory cisco-sa-20161005-ucis2 as the vendor reference.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201610-0277",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.5\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.0\\(2\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.1\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.6\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "11.0\\(1\\)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "8.5.4"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "10.0\\(1\\)"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "10.0(1) to  11.0(1)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "8.5.4 to  9.1(1)"
      },
      {
        "model": "unified intelligence center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "unified contact center express",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "93420"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-6426",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6426",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-95246",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-6426",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-6426",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201610-081",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-95246",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The j_spring_security_switch_user function in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to create user accounts by visiting an unspecified web page, aka Bug IDs CSCuy75027 and CSCuy81653. The vendor has confirmed this vulnerability and released it as Bug IDs CSCuy75027 and CSCuy81653. A third party may be able to create a user account by accessing an unspecified web page. \nSuccessful exploits may allow an attacker to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. \nThis issue is tracked by Cisco Bug IDs CSCuy75027 and CSCuy81653. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a web-based reporting platform. A remote attacker could exploit this vulnerability by visiting a page to create user accounts.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-6426",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1036952",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "93420",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-95246",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "id": "VAR-201610-0277",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:37:41.813000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20161005-ucis2",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis2"
      },
      {
        "title": "Cisco Unified Intelligence Center Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64509"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis2"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/93420"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1036952"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6426"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6426"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1036952"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "db": "BID",
        "id": "93420"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-10-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "date": "2016-10-05T00:00:00",
        "db": "BID",
        "id": "93420"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "date": "2016-10-05T21:59:00.180000",
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-95246"
      },
      {
        "date": "2016-10-10T00:05:00",
        "db": "BID",
        "id": "93420"
      },
      {
        "date": "2016-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      },
      {
        "date": "2017-07-30T01:29:13.130000",
        "db": "NVD",
        "id": "CVE-2016-6426"
      },
      {
        "date": "2016-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Contact Center Express Used in  Unified Intelligence Center Vulnerable to user account creation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-005163"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201610-081"
      }
    ],
    "trust": 0.6
  }
}








Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

