var-201610-0278
Vulnerability from variot
Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. Vendors have confirmed this vulnerability Bug ID CSCuy75036 ,and CSCuy81654 It is released as.A third party may be able to hijack the authentication of any user. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco Bug IDs CSCuy75036 and CSCuy81654. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a set of web-based reporting platform
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.5\\(1\\)"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.0\\(2\\)"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.1\\(1\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.6\\(1\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.5.4"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "10.0\\(1\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.0(1) to 11.0(1)"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.5.4 to 9.1(1)"
},
{
"model": "unified intelligence center",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "93418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_intelligence_center:9.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:unified_contact_center_express:10.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6427"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "93418"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6427",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-6427",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-95247",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-6427",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6427",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-95247",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654. Vendors have confirmed this vulnerability Bug ID CSCuy75036 ,and CSCuy81654 It is released as.A third party may be able to hijack the authentication of any user. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. \nThis issue is being tracked by Cisco Bug IDs CSCuy75036 and CSCuy81654. Unified CCX is a customer relationship management component in a unified communication solution; CUIC is a set of web-based reporting platform",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "BID",
"id": "93418"
},
{
"db": "VULHUB",
"id": "VHN-95247"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6427",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1036953",
"trust": 1.7
},
{
"db": "BID",
"id": "93418",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95247",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95247"
},
{
"db": "BID",
"id": "93418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"id": "VAR-201610-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95247"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:48:45.983000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161005-ucis3",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis3"
},
{
"title": "Cisco Unified Intelligence Center Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=64508"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95247"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "NVD",
"id": "CVE-2016-6427"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161005-ucis3"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93418"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036953"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6427"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6427"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id/1036953"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95247"
},
{
"db": "BID",
"id": "93418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95247"
},
{
"db": "BID",
"id": "93418"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-95247"
},
{
"date": "2016-10-05T00:00:00",
"db": "BID",
"id": "93418"
},
{
"date": "2016-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"date": "2016-10-06T10:59:12.227000",
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"date": "2016-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-95247"
},
{
"date": "2016-10-10T00:05:00",
"db": "BID",
"id": "93418"
},
{
"date": "2016-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005139"
},
{
"date": "2017-07-30T01:29:13.177000",
"db": "NVD",
"id": "CVE-2016-6427"
},
{
"date": "2016-10-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Contact Center Express Used in Unified Intelligence Center Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005139"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-080"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.