var-201607-0433
Vulnerability from variot
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. Cisco ASR 5000 Device software includes SNMP There are vulnerabilities whose settings can be changed via. Vendors have confirmed this vulnerability Bug ID CSCuz29526 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlLead by a third party - Light (read-write) By using community information, SNMP Settings may be changed via. The Cisco ASR5000 is the ASR5000 series of multi-function router products from Cisco. An information disclosure vulnerability exists in CiscoASR5000deviceswithsoftware18.3 to 20.0.0. A remote attacker can exploit this vulnerability to change configuration information. Cisco ASR 5000 Series is prone to an information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201607-0433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "asr 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.1.0.61559"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "20.0.0"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "18.3_base"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.0.m0.61045"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.1.0"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.2.0"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.0.m0.60828"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.0.m0.60737"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.0.1"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "18.3.0"
},
{
"model": "asr 5000 software",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "19.3.0"
},
{
"model": "asr 5000 series software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "18.3 from 20.0.0"
},
{
"model": "asr 5000 router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5000"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500020.0"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500019.3"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500019.2"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500019.1"
},
{
"model": "asr series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "500019.0"
},
{
"model": "asr series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "500020.1"
},
{
"model": "asr series",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "500019.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "BID",
"id": "91756"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:asr_5000_series_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:asr_5000",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "91756"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1452",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1452",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-05061",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90271",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1452",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1452",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1452",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-05061",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-422",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90271",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "VULHUB",
"id": "VHN-90271"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. Cisco ASR 5000 Device software includes SNMP There are vulnerabilities whose settings can be changed via. Vendors have confirmed this vulnerability Bug ID CSCuz29526 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlLead by a third party - Light (read-write) By using community information, SNMP Settings may be changed via. The Cisco ASR5000 is the ASR5000 series of multi-function router products from Cisco. An information disclosure vulnerability exists in CiscoASR5000deviceswithsoftware18.3 to 20.0.0. A remote attacker can exploit this vulnerability to change configuration information. Cisco ASR 5000 Series is prone to an information-disclosure vulnerability. \nSuccessful exploits may allow an attacker to obtain sensitive information that may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1452"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "BID",
"id": "91756"
},
{
"db": "VULHUB",
"id": "VHN-90271"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1452",
"trust": 3.4
},
{
"db": "BID",
"id": "91756",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1036298",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-05061",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90271",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "VULHUB",
"id": "VHN-90271"
},
{
"db": "BID",
"id": "91756"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"id": "VAR-201607-0433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "VULHUB",
"id": "VHN-90271"
}
],
"trust": 1.1269730199999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
}
]
},
"last_update_date": "2024-11-23T23:02:33.935000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160713-asr",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160713-asr"
},
{
"title": "Patch for the Cisco ASR5000 Series Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/79337"
},
{
"title": "Cisco ASR 5000 Series Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=62965"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90271"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/91756"
},
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160713-asr"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1036298"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1452"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1452"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps11072/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "VULHUB",
"id": "VHN-90271"
},
{
"db": "BID",
"id": "91756"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "VULHUB",
"id": "VHN-90271"
},
{
"db": "BID",
"id": "91756"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"date": "2016-07-15T00:00:00",
"db": "VULHUB",
"id": "VHN-90271"
},
{
"date": "2016-07-13T00:00:00",
"db": "BID",
"id": "91756"
},
{
"date": "2016-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"date": "2016-07-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"date": "2016-07-15T16:59:06.207000",
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"date": "2017-09-01T00:00:00",
"db": "VULHUB",
"id": "VHN-90271"
},
{
"date": "2016-07-13T00:00:00",
"db": "BID",
"id": "91756"
},
{
"date": "2016-07-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-003784"
},
{
"date": "2016-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-422"
},
{
"date": "2024-11-21T02:46:28.180000",
"db": "NVD",
"id": "CVE-2016-1452"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco ASR 5000 Series Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-05061"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-422"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.