var-201704-0488
Vulnerability from variot
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). Cisco Aironet 1800 , 2800 ,and 3800 Series platform contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvb13893 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A local privilege elevation vulnerability exists in the Cisco Aironet AccessPoints platform. This issue is being tracked by Cisco Bug ID CSCvb13893. The vulnerability is caused by the program not properly managing user credentials
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2\\(102.43\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(112.4\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2\\(100.0\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(112.3\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(15.14\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2_base"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(131.0\\)"
},
{
"model": "aironet access point software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1800"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2800"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "38000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "28000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "18000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:aironet_access_point_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reuben Farrelly",
"sources": [
{
"db": "BID",
"id": "97468"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9196",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-9196",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-05164",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-98016",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-9196",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9196",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-9196",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-05164",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-442",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). Cisco Aironet 1800 , 2800 ,and 3800 Series platform contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvb13893 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A local privilege elevation vulnerability exists in the Cisco Aironet AccessPoints platform. \nThis issue is being tracked by Cisco Bug ID CSCvb13893. The vulnerability is caused by the program not properly managing user credentials",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9196"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "VULHUB",
"id": "VHN-98016"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9196",
"trust": 3.4
},
{
"db": "BID",
"id": "97468",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038187",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-05164",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "36323",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98016",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"id": "VAR-201704-0488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
}
],
"trust": 1.19107143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
}
]
},
"last_update_date": "2024-11-23T23:05:27.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170405-aironet",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet"
},
{
"title": "Patch for CiscoAironetAccessPoints Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92338"
},
{
"title": "Cisco Aironet 1800 , 2800 and 3800 Series Access Point platforms Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75147"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-aironet"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97468"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038187"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9196"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9196"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id/1038187"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36323"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-98016"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97468"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"date": "2017-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"date": "2017-04-07T17:59:00.230000",
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-98016"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97468"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"date": "2024-11-21T03:00:46.893000",
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97468"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Aironet Vulnerabilities related to authorization, authority, and access control in the platform",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.