var-201612-0360
Vulnerability from variot
A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199). Vendors have confirmed this vulnerability Bug ID CSCuw15041 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuw15041. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. Active Directory integration is one of the active directory components. The vulnerability stems from the program's improper handling of Password Authentication Protocol (PAP) authentication requests. A remote attacker can exploit this vulnerability by altering the correct PAP authentication request to cause subsequent authentication requests to the Active Directory domain to fail
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201612-0360",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "identity services engine",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "1.2\\(1.199\\)"
},
{
"model": "identity services engine software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.2(1.199)"
},
{
"model": "identity services engine",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "94810"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:identity_services_engine:1.2\\(1.199\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:identity_services_engine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9198"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "94810"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9198",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-9198",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-98018",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-9198",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-9198",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-226",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-98018",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98018"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the Active Directory integration component of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform a denial of service (DoS) attack. More Information: CSCuw15041. Known Affected Releases: 1.2(1.199). Vendors have confirmed this vulnerability Bug ID CSCuw15041 It is released as.Remote attacker could disrupt service operation (DoS) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCuw15041. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. Active Directory integration is one of the active directory components. The vulnerability stems from the program\u0027s improper handling of Password Authentication Protocol (PAP) authentication requests. A remote attacker can exploit this vulnerability by altering the correct PAP authentication request to cause subsequent authentication requests to the Active Directory domain to fail",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "BID",
"id": "94810"
},
{
"db": "VULHUB",
"id": "VHN-98018"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9198",
"trust": 2.8
},
{
"db": "BID",
"id": "94810",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1037415",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-98018",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98018"
},
{
"db": "BID",
"id": "94810"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"id": "VAR-201612-0360",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-98018"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:57:31.417000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20161207-ise",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-ise"
},
{
"title": "Cisco Identity Services Engine Active Directory Integration Component Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66263"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98018"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "NVD",
"id": "CVE-2016-9198"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20161207-ise"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/94810"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1037415"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9198"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9198"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98018"
},
{
"db": "BID",
"id": "94810"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-98018"
},
{
"db": "BID",
"id": "94810"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-98018"
},
{
"date": "2016-12-07T00:00:00",
"db": "BID",
"id": "94810"
},
{
"date": "2016-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"date": "2016-12-14T00:59:18.300000",
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"date": "2016-12-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-98018"
},
{
"date": "2016-12-20T01:08:00",
"db": "BID",
"id": "94810"
},
{
"date": "2016-12-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006318"
},
{
"date": "2016-12-22T18:18:50.170000",
"db": "NVD",
"id": "CVE-2016-9198"
},
{
"date": "2016-12-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Identity Services Engine of Active Directory Service disruption in integrated components (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006318"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-226"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.