VAR-201611-0163
Vulnerability from variot - Updated: 2023-12-18 12:05

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). The vendor has confirmed this vulnerability and tracks it as Bug ID CSCvb71732. Authentication may be bypassed by a third party. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. This issue is tracked by Cisco Bug ID CSCvb71732. The product (Cisco Prime Home) provides a unified view of connected devices in the home, reduces home network operating costs and improves user experience, among other features. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to gain full administrator privileges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "prime home",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.2.0"
},
{
"model": "prime home",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.1_base"
},
{
"model": "prime home",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "5.0_base"
},
{
"model": "prime home",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2"
},
{
"model": "prime home",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "5.0"
},
{
"model": "prime home",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "5.1.2"
},
{
"model": "prime home",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.1.1.7"
},
{
"model": "prime home",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "5.2.2.3"
},
{
"model": "prime home",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.2.2"
},
{
"model": "prime home",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.2.0"
},
{
"model": "prime home",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.1.6"
},
{
"model": "prime home",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.1.0"
},
{
"model": "prime home",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.2.2.3"
},
{
"model": "prime home",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "5.1.1.7"
}
],
"sources": [
{
"db": "BID",
"id": "94070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_home:5.0_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_home:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:prime_home:5.1_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6452"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94070"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6452",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-6452",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-95272",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-6452",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-6452",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-003",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-95272",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6452",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95272"
},
{
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2). Vendors have confirmed this vulnerability Bug ID CSCvb71732 It is released as.Authentication may be bypassed by a third party. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. \nThis issue is tracked by Cisco Bug ID CSCvb71732. The solution provides visibility into a unified view of connected devices in the home, reduces home network operating costs and improves user experience, among other features. An attacker could exploit this vulnerability by sending a specially crafted HTTP request to gain full administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "BID",
"id": "94070"
},
{
"db": "VULHUB",
"id": "VHN-95272"
},
{
"db": "VULMON",
"id": "CVE-2016-6452"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6452",
"trust": 2.9
},
{
"db": "BID",
"id": "94070",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-95272",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-6452",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95272"
},
{
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"db": "BID",
"id": "94070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"id": "VAR-201611-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-95272"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:05:19.030000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161102-cph",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cph"
},
{
"title": "Cisco Prime Home Fixes for authentication bypassing vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65233"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-authentication-bypass-in-cisco-prime-home/123551/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-critical-bugs-in-900-series-routers-prime-home-server/121765/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95272"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "NVD",
"id": "CVE-2016-6452"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161102-cph"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/94070"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6452"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-6452"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/cisco-patches-authentication-bypass-in-cisco-prime-home/123551/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-95272"
},
{
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"db": "BID",
"id": "94070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-95272"
},
{
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"db": "BID",
"id": "94070"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-95272"
},
{
"date": "2016-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94070"
},
{
"date": "2016-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"date": "2016-11-03T21:59:07.873000",
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-95272"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6452"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94070"
},
{
"date": "2016-11-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005734"
},
{
"date": "2016-11-28T20:33:03.123000",
"db": "NVD",
"id": "CVE-2016-6452"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Prime Home of Web Base of GUI Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005734"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-003"
}
],
"trust": 0.6
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.