
{
"id": "CVE-2016-1297",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2016-02-26T05:59:00.130",
"lastModified": "2016-12-06T03:06:34.463",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801."
},
{
"lang": "es",
"value": "El Device Manager GUI en Cisco Application Control Engine (ACE) 4710 A5 en versiones anteriores a A5(3.1) permite a usuarios remotos autenticados eludir las restricciones RBAC previstas y ejecutar comandos CLI arbitrarios con privilegios de administrador a trav\u00e9s de un par\u00e1metro no especificado en una petici\u00f3n POST, tambi\u00e9n conocida como Bug ID CSCul84801."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B30ACF96-F3BB-48C6-8CC8-06305F04D137"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "5AB819FC-9181-4625-8679-FC413FEEB771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "16C9EBEB-23D0-4894-9CE8-2B09BADDDFCF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9B5BB899-2DC6-4EA2-897A-3293EA06DB58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF2542D0-E96D-40AA-9352-CABC35FAE18E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "227DD48F-F442-43B5-A417-D9DC7D461253"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(3.0\\):*:*:*:*:*:*:*",
"matchCriteriaId": "147FC771-0066-41A9-B750-31FD0DB20D63"
}
]
}
]
}
],
"references": [
{
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securitytracker.com/id/1035104",
"source": "ykramarz@cisco.com"
}
]
}