var-201604-0050
Vulnerability from variot
Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837. Vendors have confirmed this vulnerability Bug ID CSCux68837 It is released as.Crafted by local users libclimeta.so It may be possible to get permission through the filename argument. Successful exploits may allow local attackers to execute arbitrary code in context of the application. Failed exploits may result in denial-of-service conditions. This issue being tracked by Cisco Bug ID CSCux68837. Cisco UCS Platform Emulator (UCSPE) is one of the UCS emulators. The following releases are affected: Cisco UCSPE Release 2.5(2)TS4, Release 3.0(2c)A, Release 3.0(2c)TS9
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0050",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system platform emulator",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.5\\(2\\)ts4"
},
{
"model": "unified computing system platform emulator",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(2c\\)a"
},
{
"model": "unified computing system platform emulator",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.0\\(2c\\)ts9"
},
{
"model": "unified computing system platform emulator",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "2.5(2)ts4"
},
{
"model": "unified computing system platform emulator",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.0(2c)a"
},
{
"model": "unified computing system platform emulator",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.0(2c)ts9"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:unified_computing_system_platform_emulator",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines of Tenable Network Security",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
}
],
"trust": 0.6
},
"cve": "CVE-2016-1340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1340",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-90159",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.5,
"id": "CVE-2016-1340",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1340",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1340",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-327",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90159",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90159"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, 3.0(2c)A, and 3.0(2c)TS9 allows local users to gain privileges via crafted libclimeta.so filename arguments, aka Bug ID CSCux68837. Vendors have confirmed this vulnerability Bug ID CSCux68837 It is released as.Crafted by local users libclimeta.so It may be possible to get permission through the filename argument. \nSuccessful exploits may allow local attackers to execute arbitrary code in context of the application. Failed exploits may result in denial-of-service conditions. \nThis issue being tracked by Cisco Bug ID CSCux68837. Cisco UCS Platform Emulator (UCSPE) is one of the UCS emulators. The following releases are affected: Cisco UCSPE Release 2.5(2)TS4, Release 3.0(2c)A, Release 3.0(2c)TS9",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1340"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "BID",
"id": "86071"
},
{
"db": "VULHUB",
"id": "VHN-90159"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1340",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035582",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327",
"trust": 0.6
},
{
"db": "BID",
"id": "86071",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90159",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90159"
},
{
"db": "BID",
"id": "86071"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"id": "VAR-201604-0050",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90159"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:52:41.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160414-ucspe2",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160414-ucspe2"
},
{
"title": "Cisco Unified Computing System Platform Emulator Fixes for heap-based buffer overflow vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60971"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90159"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160414-ucspe2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035582"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1340"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1340"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90159"
},
{
"db": "BID",
"id": "86071"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90159"
},
{
"db": "BID",
"id": "86071"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-16T00:00:00",
"db": "VULHUB",
"id": "VHN-90159"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86071"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"date": "2016-04-16T01:59:05.560000",
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-90159"
},
{
"date": "2016-07-06T14:27:00",
"db": "BID",
"id": "86071"
},
{
"date": "2016-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"date": "2016-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-327"
},
{
"date": "2024-11-21T02:46:12.967000",
"db": "NVD",
"id": "CVE-2016-1340"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "86071"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Computing System Platform Emulator Heap-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002104"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-327"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…