Search criteria
27 vulnerabilities found for gs1900-10hp by zyxel
VAR-201602-0048
Vulnerability from variot - Updated: 2025-04-13 23:41The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. Vendors have confirmed this vulnerability Bug ID CSCuw79085 It is released as.By a third party XMPP Access may be gained through a session. Attackers can exploit this issue to gain unauthorized access to the affected application. This may allow an attacker to obtain and modify sensitive information. This issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(1)"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.6(1)"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(1\\\\\\)_base"
},
{
"model": "finesse",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1\\\\\\)_base"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.6\\\\\\(1\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:finesse",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_contact_center_express",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco.",
"sources": [
{
"db": "BID",
"id": "82400"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1307",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-1307",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-90126",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1307",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1307",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1307",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-143",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90126",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and Unified Contact Center Express 10.6(1) has a hardcoded account, which makes it easier for remote attackers to obtain access via an XMPP session, aka Bug ID CSCuw79085. Vendors have confirmed this vulnerability Bug ID CSCuw79085 It is released as.By a third party XMPP Access may be gained through a session. \nAttackers can exploit this issue to gain unauthorized access to the affected application. This may allow an attacker to obtain and modify sensitive information. \nThis issue is being tracked by Cisco bug IDs CSCuw79085 and CSCuw86638. Cisco Finesse Desktop is a suite of next-generation agent and desktop management software for customer collaboration solutions; Unified CCX is a customer relationship management component of a unified communications solution. This component integrates agent application and self-service voice service, and provides functions such as call distribution and customer access control",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1307"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "VULHUB",
"id": "VHN-90126"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1307",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1034921",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034920",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143",
"trust": 0.7
},
{
"db": "BID",
"id": "82400",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90126",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"id": "VAR-201602-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:41:18.710000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160202-fducce",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160202-fducce"
},
{
"title": "Cisco Finesse Desktop and Unified Contact Center Express Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60091"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160202-fducce"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034920"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034921"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1307"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1307"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90126"
},
{
"db": "BID",
"id": "82400"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-90126"
},
{
"date": "2016-02-02T00:00:00",
"db": "BID",
"id": "82400"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"date": "2016-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"date": "2016-02-07T11:59:03.880000",
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90126"
},
{
"date": "2016-07-05T21:21:00",
"db": "BID",
"id": "82400"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001493"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-143"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Finesse Desktop and Unified Contact Center Express of Openfire Vulnerability to gain access rights on the server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001493"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-143"
}
],
"trust": 0.6
}
}
VAR-201603-0293
Vulnerability from variot - Updated: 2025-04-13 23:41The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. This issue is being tracked by Cisco Bug ID CSCuv45410. The following products and versions are affected: Cisco IOS Release 12.2, Release 15.0, Release 15.2, IOS XE Release 3.2 through Release 3.7
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0293",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.3sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.0sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2se_3.2.2se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.0xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.1sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.2sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2ja_3.2.0ja"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2se_3.2.3se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3se_3.3.3se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.6sg"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2se_3.2.0se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3se_3.3.5se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3se_3.3.0se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.3e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.1xo"
},
{
"model": "core i5-9400f",
"scope": "eq",
"trust": 1.0,
"vendor": "intel",
"version": null
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.2se_3.2.1se"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.5sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3se_3.3.4se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.2ae"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.4sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3se_3.3.2se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3se_3.3.1se"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.2xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.0e"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "12.2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.2"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.2 to 3.7"
},
{
"model": "ios xe software",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(35\\\\\\)se4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(25\\\\\\)seg3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(52\\\\\\)ex1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(44\\\\\\)se5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(58\\\\\\)se2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(25\\\\\\)sed1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(50\\\\\\)se4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(25\\\\\\)seg6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(55\\\\\\)ez"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "12.2\\\\\\(50\\\\\\)se"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "BID",
"id": "85308"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ios_xe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tenable Network Security.",
"sources": [
{
"db": "BID",
"id": "85308"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1349",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1349",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01900",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90168",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1349",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1349",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1349",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01900",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-359",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90168",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "VULHUB",
"id": "VHN-90168"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. \nThis issue is being tracked by Cisco Bug ID CSCuv45410. The following products and versions are affected: Cisco IOS Release 12.2, Release 15.0, Release 15.2, IOS XE Release 3.2 through Release 3.7",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1349"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "BID",
"id": "85308"
},
{
"db": "VULHUB",
"id": "VHN-90168"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1349",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1035385",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01900",
"trust": 0.6
},
{
"db": "BID",
"id": "85308",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90168",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "VULHUB",
"id": "VHN-90168"
},
{
"db": "BID",
"id": "85308"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"id": "VAR-201603-0293",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "VULHUB",
"id": "VHN-90168"
}
],
"trust": 1.1984383299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
}
]
},
"last_update_date": "2025-04-13T23:41:18.516000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160323-smi",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-smi"
},
{
"title": "cisco-sa-20160323-smi",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/113/1136/1136608_cisco-sa-20160323-smi-j.html"
},
{
"title": "Patch for CiscoIOS and IOSXESoftwareSmartInstallclient Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/73294"
},
{
"title": "Cisco IOS and IOS XE Software Smart Install client Fixes for feature denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60684"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90168"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-smi"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035385"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1349"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1349"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "VULHUB",
"id": "VHN-90168"
},
{
"db": "BID",
"id": "85308"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"db": "VULHUB",
"id": "VHN-90168"
},
{
"db": "BID",
"id": "85308"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"date": "2016-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-90168"
},
{
"date": "2016-03-23T00:00:00",
"db": "BID",
"id": "85308"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"date": "2016-03-26T01:59:03.120000",
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01900"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90168"
},
{
"date": "2016-03-23T00:00:00",
"db": "BID",
"id": "85308"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001910"
},
{
"date": "2016-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-359"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1349"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS and IOS XE of Smart Install Service disruption in client implementation (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-359"
}
],
"trust": 0.6
}
}
VAR-201604-0007
Vulnerability from variot - Updated: 2025-04-13 23:35Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Memory consumption or device reload ) There are vulnerabilities that are put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to consume excessive amounts of memory resources, resulting in a denial-of-service condition. This issue is being tracked by Cisco bug ID CSCuv47565. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco TelePresence Server due to the improper handling of specially crafted URLs by the HTTP parsing engine
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.1(2.29) to 4.2(4.17)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\\\\\(2.33\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\\\\\(2.29\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.2\\\\\\(4.17\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:telepresence_server_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85881"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6313",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6313",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84274",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6313",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6313",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6313",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-039",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84274",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted HTTP requests that are not followed by an unspecified negotiation, aka Bug ID CSCuv47565. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Memory consumption or device reload ) There are vulnerabilities that are put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to consume excessive amounts of memory resources, resulting in a denial-of-service condition. \nThis issue is being tracked by Cisco bug ID CSCuv47565. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in Cisco TelePresence Server due to the improper handling of specially crafted URLs by the HTTP parsing engine",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6313"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "BID",
"id": "85881"
},
{
"db": "VULHUB",
"id": "VHN-84274"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6313",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035501",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039",
"trust": 0.7
},
{
"db": "BID",
"id": "85881",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84274",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84274"
},
{
"db": "BID",
"id": "85881"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"id": "VAR-201604-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84274"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:35:05.195000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160406-cts1",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1"
},
{
"title": "Cisco TelePresence Server Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60774"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84274"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-cts1"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035501"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6313"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6313"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84274"
},
{
"db": "BID",
"id": "85881"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84274"
},
{
"db": "BID",
"id": "85881"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84274"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85881"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"date": "2016-04-06T23:59:01.283000",
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-84274"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85881"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007018"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-039"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6313"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Run on multiple devices Cisco TelePresence Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007018"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-039"
}
],
"trust": 0.6
}
}
VAR-201602-0057
Vulnerability from variot - Updated: 2025-04-13 23:32Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. plural Cisco The product stores a plaintext encryption key, so there is a vulnerability that allows important information to be obtained. Vendors have confirmed this vulnerability Bug ID CSCuv85958 It is released as.Local users may get important information. Cisco Unified Communications Manager (also known as CallManager) and others are products of Cisco (Cisco). CallManager is a call processing component in a unified communication system. A local attacker could exploit this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2.10000.5)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2.12901.1)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1.10000.10)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1(2.10000.28)"
},
{
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2)"
},
{
"model": "unified communications manager im and presence service",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9.1\\\\\\(2.10000.28\\\\\\)"
},
{
"model": "unity connection",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2.10000.5\\\\\\)"
},
{
"model": "unified contact center express",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1.10000.10\\\\\\)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "10.5\\\\\\(2.12901.1\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_manager_im_and_presence_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_contact_center_express",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unity_connection",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
}
]
},
"cve": "CVE-2016-1319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-90138",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1319",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1319",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1319",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-172",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90138",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM \u0026 Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext encryption key, which allows local users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuv85958. plural Cisco The product stores a plaintext encryption key, so there is a vulnerability that allows important information to be obtained. Vendors have confirmed this vulnerability Bug ID CSCuv85958 It is released as.Local users may get important information. Cisco Unified Communications Manager (also known as CallManager) and others are products of Cisco (Cisco). CallManager is a call processing component in a unified communication system. A local attacker could exploit this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1319"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "VULHUB",
"id": "VHN-90138"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1319",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1034959",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034958",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1034960",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90138",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"id": "VAR-201602-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:32:39.630000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160208-ucm",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160208-ucm"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60115"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160208-ucm"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034958"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034959"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034960"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1319"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1319"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90138"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-90138"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"date": "2016-02-09T03:59:03.320000",
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90138"
},
{
"date": "2016-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001497"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-172"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Vulnerabilities in which important information is obtained in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001497"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-172"
}
],
"trust": 0.6
}
}
VAR-201604-0566
Vulnerability from variot - Updated: 2025-04-13 23:32The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. Cisco TelePresence Server is prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to trigger kernel panics, denying further service to legitimate users. This issue is being tracked by Cisco bug ID CSCuu46673
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0566",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "emc powerscale onefs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "8.2.2"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.0 to 4.2(4.18)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.95\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0\\\\\\(1.57\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.0\\\\\\(2.48\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.82\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.98\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.0\\\\\\(2.24\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.0\\\\\\(2.8\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.80\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.0\\\\\\(2.49\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.0\\\\\\(2.46\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:telepresence_server_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85891"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1346",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1346",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90165",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-1346",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1346",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1346",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-049",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90165",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673. Cisco TelePresence Server is prone to a denial-of-service vulnerability. \nExploiting this issue allows remote attackers to trigger kernel panics, denying further service to legitimate users. \nThis issue is being tracked by Cisco bug ID CSCuu46673",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1346"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "BID",
"id": "85891"
},
{
"db": "VULHUB",
"id": "VHN-90165"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1346",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035499",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049",
"trust": 0.7
},
{
"db": "BID",
"id": "85891",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90165",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90165"
},
{
"db": "BID",
"id": "85891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"id": "VAR-201604-0566",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90165"
}
],
"trust": 0.5050625
},
"last_update_date": "2025-04-13T23:32:39.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160406-cts",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts"
},
{
"title": "Cisco Mobility Services Engine TelePresence Server Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60784"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90165"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-cts"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035499"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1346"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1346"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90165"
},
{
"db": "BID",
"id": "85891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90165"
},
{
"db": "BID",
"id": "85891"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90165"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85891"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"date": "2016-04-06T23:59:13.740000",
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90165"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85891"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001948"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-049"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Mobility Services Engine 8710 Run on device TelePresence Server Service disruption in some kernels (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001948"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-049"
}
],
"trust": 0.6
}
}
VAR-201602-0045
Vulnerability from variot - Updated: 2025-04-13 23:27Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. Vendors report this vulnerability Bug ID CSCut12998 Published as. Supplementary information : CWE Vulnerability types by CWE-284: Improper Access Control ( Improper access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted by a remotely authenticated user REST Via a request, RBAC Restrictions may be bypassed. Cisco ApplicationPolicyInfrastructureControllers and CiscoNexus9000SeriesACIModeSwitches are products of Cisco. The former is a controller that automates the management of application-centric infrastructure (ACI). The latter is a 9000 series switch for Application-Centric Infrastructure (ACI). Security vulnerabilities exist in CiscoAPIC and Nexus9000ACIModeSwitches, which can be exploited by remote attackers to bypass established RBAC restrictions by sending specially crafted REST requests. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nx-os",
"scope": "eq",
"trust": 1.8,
"vendor": "cisco",
"version": "base"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1d)"
},
{
"model": "nexus 9000 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "aci mode switch 11.1(1j)"
},
{
"model": "nexus 9000 series",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "11.1"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(2m)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(3f)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1b)"
},
{
"model": "application policy infrastructure controller software",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1c)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(2j)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1e)"
},
{
"model": "application policy infrastructure controller software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "1.1(1j)"
},
{
"model": "application policy infrastructure controller \u003c1.0",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller 1.1 )",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "nexus aci mode switches with software \u003c11.0",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9000"
},
{
"model": "nexus aci mode switches with software 11.1 )",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9000"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(2j\\\\\\)"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(1n\\\\\\)"
},
{
"model": "nexus 9516",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(1e\\\\\\)"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(1k\\\\\\)"
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(1h\\\\\\)"
},
{
"model": "nexus 9504",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(2m\\\\\\)"
},
{
"model": "nexus 9508",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "application policy infrastructure controller",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.0\\\\\\(3f\\\\\\)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:application_policy_infrastructure_controller_%28apic%29",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:nexus_9000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:nx-os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "82549"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1302",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-1302",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CNVD-2016-01453",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-90121",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1302",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1302",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1302",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01453",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-142",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90121",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "VULHUB",
"id": "VHN-90121"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. Vendors report this vulnerability Bug ID CSCut12998 Published as. Supplementary information : CWE Vulnerability types by CWE-284: Improper Access Control ( Improper access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlCrafted by a remotely authenticated user REST Via a request, RBAC Restrictions may be bypassed. Cisco ApplicationPolicyInfrastructureControllers and CiscoNexus9000SeriesACIModeSwitches are products of Cisco. The former is a controller that automates the management of application-centric infrastructure (ACI). The latter is a 9000 series switch for Application-Centric Infrastructure (ACI). Security vulnerabilities exist in CiscoAPIC and Nexus9000ACIModeSwitches, which can be exploited by remote attackers to bypass established RBAC restrictions by sending specially crafted REST requests. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1302"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "BID",
"id": "82549"
},
{
"db": "VULHUB",
"id": "VHN-90121"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1302",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034925",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01453",
"trust": 0.6
},
{
"db": "BID",
"id": "82549",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90121",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "VULHUB",
"id": "VHN-90121"
},
{
"db": "BID",
"id": "82549"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"id": "VAR-201602-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "VULHUB",
"id": "VHN-90121"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
}
]
},
"last_update_date": "2025-04-13T23:27:26.647000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160203-apic",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic"
},
{
"title": "CiscoApplicationPolicyInfrastructureController and Nexus9000ACIModeSwitches security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/72203"
},
{
"title": "Cisco Application Policy Infrastructure Controller and Nexus 9000 ACI Mode Switches Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60090"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90121"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160203-apic"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1302"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034925"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1302"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "VULHUB",
"id": "VHN-90121"
},
{
"db": "BID",
"id": "82549"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"db": "VULHUB",
"id": "VHN-90121"
},
{
"db": "BID",
"id": "82549"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"date": "2016-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-90121"
},
{
"date": "2016-02-03T00:00:00",
"db": "BID",
"id": "82549"
},
{
"date": "2016-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"date": "2016-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"date": "2016-02-07T11:59:01.943000",
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01453"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90121"
},
{
"date": "2016-07-05T21:22:00",
"db": "BID",
"id": "82549"
},
{
"date": "2016-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001606"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-142"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1302"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Application Policy Infrastructure Controller Device software and Nexus 9000 ACI Mode In switch software RBAC Vulnerabilities bypassing restrictions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001606"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-142"
}
],
"trust": 0.6
}
}
VAR-201602-0220
Vulnerability from variot - Updated: 2025-04-13 23:26Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuq57512
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0220",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "nx-os",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1c)"
},
{
"model": "nexus series aci mode switche \u003c11.0",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "9000"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.0\\\\\\(1b\\\\\\)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:nx-os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "82579"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6398",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6398",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01455",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84359",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6398",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6398",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6398",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01455",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-140",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84359",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "VULHUB",
"id": "VHN-84359"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. \nAn attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCuq57512",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6398"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "BID",
"id": "82579"
},
{
"db": "VULHUB",
"id": "VHN-84359"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6398",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1034928",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01455",
"trust": 0.6
},
{
"db": "BID",
"id": "82579",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-84359",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "VULHUB",
"id": "VHN-84359"
},
{
"db": "BID",
"id": "82579"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"id": "VAR-201602-0220",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "VULHUB",
"id": "VHN-84359"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
}
]
},
"last_update_date": "2025-04-13T23:26:39.556000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160203-n9knci",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-n9knci"
},
{
"title": "CiscoNexus9000ApplicationCentricInfrastructureMode Denial of Service Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/72201"
},
{
"title": "Cisco Nexus 9000 Application Centric Infrastructure Mode Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60088"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84359"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160203-n9knci"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6398"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034928"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6398"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "VULHUB",
"id": "VHN-84359"
},
{
"db": "BID",
"id": "82579"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "VULHUB",
"id": "VHN-84359"
},
{
"db": "BID",
"id": "82579"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"date": "2016-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84359"
},
{
"date": "2016-02-03T00:00:00",
"db": "BID",
"id": "82579"
},
{
"date": "2016-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"date": "2016-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"date": "2016-02-07T11:59:00.100000",
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84359"
},
{
"date": "2016-07-05T21:22:00",
"db": "BID",
"id": "82579"
},
{
"date": "2016-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006960"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-140"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6398"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Nexus 9000 Application Centric Infrastructure Mode Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01455"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-140"
}
],
"trust": 0.6
}
}
VAR-201603-0033
Vulnerability from variot - Updated: 2025-04-13 23:23Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. Cisco Nexus is Cisco's line of network switches designed for data centers. This vulnerability is caused by a user account created during installation that cannot be deleted or changed. The password is also static by default. Allows an unauthenticated remote attacker to log in to the device as root and has bashshell access. NX-OS Software is a data center operating system running on it
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "nx-os on nexus series switches 6.0 u6",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "3000"
},
{
"_id": null,
"model": "nx-os on nexus platform switches 6.0 a6",
"scope": "eq",
"trust": 3.0,
"vendor": "cisco",
"version": "3500"
},
{
"_id": null,
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"_id": null,
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"_id": null,
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"_id": null,
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0(2)a6(1) to 6.0(2)a6(5) (nexus 3500)"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0(2)a7(1) (nexus 3500)"
},
{
"_id": null,
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "6.0(2)u6(1) to 6.0(2)u6(5) (nexus 3000)"
},
{
"_id": null,
"model": "nx-os on nexus platform switches 6.0 a7",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3500"
},
{
"_id": null,
"model": "nexus 3064",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "nexus 3048",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "nexus 3064t",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "nexus 3548",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "nexus 3524",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"_id": null,
"model": "nexus 3064x",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
},
{
"db": "NVD",
"id": "CVE-2016-1329"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:nx-os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
}
]
},
"cve": "CVE-2016-1329",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1329",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01458",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-90148",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1329",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1329",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-1329",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01458",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-011",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-90148",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1329",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "VULHUB",
"id": "VHN-90148"
},
{
"db": "VULMON",
"id": "CVE-2016-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
},
{
"db": "NVD",
"id": "CVE-2016-1329"
}
]
},
"description": {
"_id": null,
"data": "Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and 6.0(2)A6(1) through 6.0(2)A6(5) and 6.0(2)A7(1) on Nexus 3500 devices has hardcoded credentials, which allows remote attackers to obtain root privileges via a (1) TELNET or (2) SSH session, aka Bug ID CSCuy25800. Cisco Nexus is Cisco\u0027s line of network switches designed for data centers. This vulnerability is caused by a user account created during installation that cannot be deleted or changed. The password is also static by default. Allows an unauthenticated remote attacker to log in to the device as root and has bashshell access. NX-OS Software is a data center operating system running on it",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "VULHUB",
"id": "VHN-90148"
},
{
"db": "VULMON",
"id": "CVE-2016-1329"
}
],
"trust": 2.34
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2016-1329",
"trust": 3.2
},
{
"db": "SECTRACK",
"id": "1035161",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01458",
"trust": 0.6
},
{
"db": "BID",
"id": "83945",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-90923",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-90148",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1329",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "VULHUB",
"id": "VHN-90148"
},
{
"db": "VULMON",
"id": "CVE-2016-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
},
{
"db": "NVD",
"id": "CVE-2016-1329"
}
]
},
"id": "VAR-201603-0033",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "VULHUB",
"id": "VHN-90148"
}
],
"trust": 1.6166666666666667
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
}
]
},
"last_update_date": "2025-04-13T23:23:37.586000Z",
"patch": {
"_id": null,
"data": [
{
"title": "cisco-sa-20160302-n3k",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n3k"
},
{
"title": "Patch for Cisco Nexus 3000/3500 Switch Default Credential Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/72206"
},
{
"title": "Cisco Nexus 3000 Series Switches and Cisco Nexus 3500 Platform Switches NX-OS Software Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60376"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2016/03/03/cisco_stitches_default_root_creds_for_switches/"
},
{
"title": "Cisco: Cisco Nexus 3000 Series and 3500 Platform Switches Insecure Default Credentials Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160302-n3k"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "VULMON",
"id": "CVE-2016-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90148"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "NVD",
"id": "CVE-2016-1329"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.5,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-n3k"
},
{
"trust": 1.8,
"url": "https://isc.sans.edu/forums/diary/20795"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1035161"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1329"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1329"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/83945"
},
{
"trust": 0.1,
"url": "https://www.theregister.co.uk/2016/03/03/cisco_stitches_default_root_creds_for_switches/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01458"
},
{
"db": "VULHUB",
"id": "VHN-90148"
},
{
"db": "VULMON",
"id": "CVE-2016-1329"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
},
{
"db": "NVD",
"id": "CVE-2016-1329"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01458",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-90148",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2016-1329",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001817",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201603-011",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2016-1329",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2016-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01458",
"ident": null
},
{
"date": "2016-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90148",
"ident": null
},
{
"date": "2016-03-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1329",
"ident": null
},
{
"date": "2016-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001817",
"ident": null
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-011",
"ident": null
},
{
"date": "2016-03-03T11:59:00.117000",
"db": "NVD",
"id": "CVE-2016-1329",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01458",
"ident": null
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90148",
"ident": null
},
{
"date": "2016-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1329",
"ident": null
},
{
"date": "2016-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001817",
"ident": null
},
{
"date": "2016-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-011",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1329",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Cisco Nexus 3000 and Nexus 3500 Run on device Cisco NX-OS In root Privileged vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001817"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-011"
}
],
"trust": 0.6
}
}
VAR-201602-0055
Vulnerability from variot - Updated: 2025-04-13 23:21Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A security vulnerability exists in CUCM 11.5 (0.98000.480) version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201602-0055",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.5(0.98000.480)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "11.5\\\\\\(0.98000.480\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
}
]
},
"cve": "CVE-2016-1317",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-1317",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-90136",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-1317",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1317",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1317",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201602-170",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-90136",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90136"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Manager 11.5(0.98000.480) allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. A security vulnerability exists in CUCM 11.5 (0.98000.480) version",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1317"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "VULHUB",
"id": "VHN-90136"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1317",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1034957",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201602-170",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-90136",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90136"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"id": "VAR-201602-0055",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90136"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:21:09.063000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-201600208-ucm",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-201600208-ucm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90136"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-201600208-ucm"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034957"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1317"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1317"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90136"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90136"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-90136"
},
{
"date": "2016-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"date": "2016-02-09T03:59:01.070000",
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-90136"
},
{
"date": "2016-02-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001416"
},
{
"date": "2016-02-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201602-170"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1317"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Communications Manager Vulnerability in obtaining information on important database table names and entity names",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001416"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201602-170"
}
],
"trust": 0.6
}
}
VAR-201603-0295
Vulnerability from variot - Updated: 2025-04-13 23:18Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. Successful exploits may allow attackers to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCus55821
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.7e_3.7.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.13s_3.13.2as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.12s_3.12.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.12s_3.12.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.10s_3.10.1xbs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.13s_3.13.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.16s_3.16.1as"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8e_3.8.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.0xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6s_3.6.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.5s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.3e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5s_3.5.2s"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.0cs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.0as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.4as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.0as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8s_3.8.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8s_3.8.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6s_3.6.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5s_3.5.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.3e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.5s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.4s"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.6s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.1xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5s_3.5.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.7s"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6s_3.6.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.2ts"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8s_3.8.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.1as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.6s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.1cs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.2ae"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.2xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.0e"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0 to 15.5"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.3 to 3.16"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.0-15.5"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.3-3.16"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.1\\\\\\(1\\\\\\)sy5"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(1\\\\\\)s2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(3\\\\\\)ea"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "BID",
"id": "85310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ios_xe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85310"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1348",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1348",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01906",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90167",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1348",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1348",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1348",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01906",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-358",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90167",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-1348",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "VULHUB",
"id": "VHN-90167"
},
{
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. \nSuccessful exploits may allow attackers to cause the device to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug ID CSCus55821",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1348"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "BID",
"id": "85310"
},
{
"db": "VULHUB",
"id": "VHN-90167"
},
{
"db": "VULMON",
"id": "CVE-2016-1348"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1348",
"trust": 3.5
},
{
"db": "SECTRACK",
"id": "1035381",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01906",
"trust": 0.6
},
{
"db": "BID",
"id": "85310",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-90167",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-1348",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "VULHUB",
"id": "VHN-90167"
},
{
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"db": "BID",
"id": "85310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"id": "VAR-201603-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "VULHUB",
"id": "VHN-90167"
}
],
"trust": 1.1050624999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
}
]
},
"last_update_date": "2025-04-13T23:18:00.773000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160323-dhcpv6",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-dhcpv6"
},
{
"title": "cisco-sa-20160323-dhcpv6",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/113/1136/1136605_cisco-sa-20160323-dhcpv6-j.html"
},
{
"title": "Patch for CiscoIOS and IOSXESoftwareDHCPv6relay Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/73326"
},
{
"title": "Cisco IOS and IOS XE Software DHCPv6 Relay Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60683"
},
{
"title": "Cisco: Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20160323-dhcpv6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90167"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-dhcpv6"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1035381"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1348"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1348"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
},
{
"trust": 0.3,
"url": "www.cisco.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/85310"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "VULHUB",
"id": "VHN-90167"
},
{
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"db": "BID",
"id": "85310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "VULHUB",
"id": "VHN-90167"
},
{
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"db": "BID",
"id": "85310"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"date": "2016-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-90167"
},
{
"date": "2016-03-26T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"date": "2016-03-23T00:00:00",
"db": "BID",
"id": "85310"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"date": "2016-03-26T01:59:02.200000",
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-90167"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-1348"
},
{
"date": "2016-03-23T00:00:00",
"db": "BID",
"id": "85310"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001909"
},
{
"date": "2016-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-358"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1348"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS and IOS XE Software DHCPv6 Relay Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01906"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-358"
}
],
"trust": 0.6
}
}
VAR-201603-0329
Vulnerability from variot - Updated: 2025-04-13 23:14Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS is a data center level operating system. An unauthenticated remote attacker exploiting this vulnerability could result in a denial of service on the affected device. The following products are affected: Cisco Nexus 1000V Series Switches, Nexus 3000 Series Switches, Nexus 4000 Series Switches, Nexus 5000 Series Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Unified Computing CSuting running NX-OS Software)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0329",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_4i"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3m"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_1b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_4g"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_4a"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_3d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_2r"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_3e"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_3c"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_5f"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_3a"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_2m"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_1i"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_5d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_5a"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_3f"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.5_base"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_1s"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.6_base"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3s"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_4f"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_1a"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_1c"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_1b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_3b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_5b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_1t"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3i"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_1d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_4d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_2a"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_2q"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_5c"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_2d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_4k"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3q"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3l"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_4j"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3y"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_1j"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_3a"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_3u"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_2c"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_1f"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_3c"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "base"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_1q"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_1d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_5e"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_3b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_4l"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_2d"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_1e"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4_1m"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_2c"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.2_2e"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_4b"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.1_1e"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_1w"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "2.0_1x"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "4.0 to 6.1"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "(ucs)"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1000v"
},
{
"model": "nexus series switche",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5000"
},
{
"model": "nexus series switches",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6000"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0\\\\\\(3\\\\\\)u5\\\\\\(1c\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0\\\\\\(3\\\\\\)u5\\\\\\(1h\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0\\\\\\(3\\\\\\)u5\\\\\\(1a\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6.0\\\\\\(1\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\\\\\(2\\\\\\)e1\\\\\\(1d\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0\\\\\\(3\\\\\\)u5\\\\\\(1b\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2\\\\\\(5\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.0\\\\\\(3\\\\\\)u5\\\\\\(1d\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.1\\\\\\(2\\\\\\)e1\\\\\\(1b\\\\\\)"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5.2\\\\\\(7\\\\\\)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:nx-os",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:unified_computing_system",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
}
]
},
"cve": "CVE-2015-0718",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-0718",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01460",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-78664",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-0718",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0718",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-0718",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01460",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-009",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-78664",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "VULHUB",
"id": "VHN-78664"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579. Cisco NX-OS is a data center level operating system. An unauthenticated remote attacker exploiting this vulnerability could result in a denial of service on the affected device. The following products are affected: Cisco Nexus 1000V Series Switches, Nexus 3000 Series Switches, Nexus 4000 Series Switches, Nexus 5000 Series Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Unified Computing CSuting running NX-OS Software)",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0718"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "VULHUB",
"id": "VHN-78664"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0718",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1035159",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035160",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01460",
"trust": 0.6
},
{
"db": "BID",
"id": "83950",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-78664",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "VULHUB",
"id": "VHN-78664"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"id": "VAR-201603-0329",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "VULHUB",
"id": "VHN-78664"
}
],
"trust": 1.07560321
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
}
]
},
"last_update_date": "2025-04-13T23:14:21.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160302-netstack",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack"
},
{
"title": "Patch for Cisco NX-OSSoftware Denial of Service Vulnerability (CNVD-2016-01460)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/72208"
},
{
"title": "Cisco NX-OS Software TCP Fix for stack denial of service vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60374"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78664"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-netstack"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035159"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035160"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0718"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0718"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "VULHUB",
"id": "VHN-78664"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"db": "VULHUB",
"id": "VHN-78664"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"date": "2016-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-78664"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"date": "2016-03-03T22:59:02.707000",
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01460"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-78664"
},
{
"date": "2016-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006993"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-009"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-0718"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Nexus Device and Unified Computing System Run on Cisco NX-OS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006993"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-009"
}
],
"trust": 0.6
}
}
VAR-201604-0006
Vulnerability from variot - Updated: 2025-04-13 23:03Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCuv01348 It is released as.Malformed by a third party STUN Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCuv01348. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0006",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "emc powerscale onefs",
"scope": "eq",
"trust": 1.0,
"vendor": "dell",
"version": "8.2.2"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.1"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.95\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.97\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.96\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.82\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.98\\\\\\)"
},
{
"model": "telepresence server software",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3.1\\\\\\(1.80\\\\\\)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:telepresence_server_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85879"
}
],
"trust": 0.3
},
"cve": "CVE-2015-6312",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6312",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84273",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6312",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6312",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6312",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-038",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84273",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device reload) via malformed STUN packets, aka Bug ID CSCuv01348. Run on multiple devices Cisco TelePresence Server There is a service disruption ( Device reload ) There are vulnerabilities that are put into a state. Vendors have confirmed this vulnerability Bug ID CSCuv01348 It is released as.Malformed by a third party STUN Service disruption via packets ( Device reload ) There is a possibility of being put into a state. Cisco TelePresence Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial of service condition, denying service to legitimate users. \nThis issue is being tracked by Cisco bug ID CSCuv01348. MSE is a platform (Mobile Service Engine) that can provide Wi-Fi services. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6312"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "BID",
"id": "85879"
},
{
"db": "VULHUB",
"id": "VHN-84273"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6312",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1035500",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038",
"trust": 0.7
},
{
"db": "BID",
"id": "85879",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-84273",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84273"
},
{
"db": "BID",
"id": "85879"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"id": "VAR-201604-0006",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84273"
}
],
"trust": 0.5050625
},
"last_update_date": "2025-04-13T23:03:07.501000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160406-cts2",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2"
},
{
"title": "Cisco TelePresence Server Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160406-cts2"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035500"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6312"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6312"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84273"
},
{
"db": "BID",
"id": "85879"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84273"
},
{
"db": "BID",
"id": "85879"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-06T00:00:00",
"db": "VULHUB",
"id": "VHN-84273"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85879"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"date": "2016-04-06T23:59:00.113000",
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-84273"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85879"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007017"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-038"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6312"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Run on multiple devices Cisco TelePresence Server Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-038"
}
],
"trust": 0.6
}
}
VAR-201603-0294
Vulnerability from variot - Updated: 2025-04-13 22:55Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. Vendors have confirmed this vulnerability Bug ID CSCuj23293 It is released as.Malformed by a third party SIP Service disruption via message ( Device reload ) There is a possibility of being put into a state. An attacker can exploit this issue to cause the device to reload, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCuj23293 and CSCuv39370. Session Initiation Protocol (SIP) is one of the session initiation protocols. There are security vulnerabilities in the SIP protocol of several Cisco products. The following products and versions are affected: Cisco IOS Release 15.3, Release 15.4, IOS XE Release 3.8 to Release 3.11, CUCM Release 8.x, Release 9.x, Release 10.x, Release 11.x
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ios xe",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.9.0as"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9.1as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.1s"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.1xbs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10.2s"
},
{
"model": "thinkcentre e75s",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "m16kt61a"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11.0s"
},
{
"model": "unified communications manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "11.x"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "11.0(1)su1"
},
{
"model": "unified communications manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "10.x"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.8 to 3.11"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "10.5(2)su3"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "8.x"
},
{
"model": "unified communications manager",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco",
"version": "9.x"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.1(2)su4"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.4"
},
{
"model": "unified communications manager 8.0 su1",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 8.0",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(2\\\\\\)s0a"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(1\\\\\\)t2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(2\\\\\\)t"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(2\\\\\\)t1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(2\\\\\\)s2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.4\\\\\\(1\\\\\\)t"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(1\\\\\\)t"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(1\\\\\\)t1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.3\\\\\\(2\\\\\\)t2"
},
{
"model": "automation stratix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "59000"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6.2"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6.1"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "9.1.(2.10000.28)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6.3"
},
{
"model": "unified communications manager be3k",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(4)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(4)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(3)"
},
{
"model": "unified communications manager 8.6 su3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 8.6",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.6(1)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.5.1"
},
{
"model": "unified communications manager 8.5 su4",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 8.5 su1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.4"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.1"
},
{
"model": "unified communications manager 8.0 su3",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(3)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(2)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(1)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "8.0(0.98000.106)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.5(0.98000.480)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "11.0(0.98000.225)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(0.98000.88)"
},
{
"model": "unified communications manager",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "10.5(1.98991.13)"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "automation stratix",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "590015.6.3"
},
{
"model": "unified communications manager 9.1 su4",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 11.0 su1",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified communications manager 10.5 su3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "85372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ios_xe",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_communications_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85372"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1350",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-1350",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90169",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-1350",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1350",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-1350",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-356",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90169",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90169"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. Vendors have confirmed this vulnerability Bug ID CSCuj23293 It is released as.Malformed by a third party SIP Service disruption via message ( Device reload ) There is a possibility of being put into a state. \nAn attacker can exploit this issue to cause the device to reload, denying service to legitimate users. \nThis issue is being tracked by Cisco Bug IDs CSCuj23293 and CSCuv39370. Session Initiation Protocol (SIP) is one of the session initiation protocols. There are security vulnerabilities in the SIP protocol of several Cisco products. The following products and versions are affected: Cisco IOS Release 15.3, Release 15.4, IOS XE Release 3.8 to Release 3.11, CUCM Release 8.x, Release 9.x, Release 10.x, Release 11.x",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1350"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "BID",
"id": "85372"
},
{
"db": "VULHUB",
"id": "VHN-90169"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1350",
"trust": 2.8
},
{
"db": "BID",
"id": "85372",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1035420",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1035421",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-17-094-04",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90169",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90169"
},
{
"db": "BID",
"id": "85372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"id": "VAR-201603-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-90169"
}
],
"trust": 0.69181416
},
"last_update_date": "2025-04-13T22:55:23.488000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160323-sip",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-sip"
},
{
"title": "cisco-sa-20160323-sip",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/113/1136/1136603_cisco-sa-20160323-sip-j.html"
},
{
"title": "Multiple Cisco product Session Initiation Protocol Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60681"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90169"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-sip"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/85372"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035420"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035421"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1350"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1350"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
},
{
"trust": 0.3,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-sip "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90169"
},
{
"db": "BID",
"id": "85372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-90169"
},
{
"db": "BID",
"id": "85372"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-90169"
},
{
"date": "2016-03-23T00:00:00",
"db": "BID",
"id": "85372"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"date": "2016-03-26T01:59:04.090000",
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-90169"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "85372"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001911"
},
{
"date": "2016-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-356"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1350"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS and Unified Communications Manager Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-356"
}
],
"trust": 0.6
}
}
VAR-201603-0292
Vulnerability from variot - Updated: 2025-04-13 22:13The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. A security vulnerability exists in the fragmentation code for the IKE2 version in CiscoIOS and IOSXESoftware because the program failed to properly handle fragmented IKEv2 packets. A remote attacker could exploit the vulnerability by sending a specially crafted UDP packet to cause a denial of service. This issue is being tracked by Cisco Bug ID CSCux38417. Note: The traffic only to the directed system can be exploited by this issue. The vulnerability can be triggered by IPv4 and IPv6 traffic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0292",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "keymouse",
"scope": "eq",
"trust": 1.0,
"vendor": "zzinc",
"version": "3.08"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3sg_3.3.1sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.2as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8e_3.8.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.0xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6s_3.6.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.1sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.5s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.3e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5s_3.5.2s"
},
{
"model": "x14j",
"scope": "eq",
"trust": 1.0,
"vendor": "samsung",
"version": "t-ms14jakucb-1102.5"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.14s_3.14.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.0as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.1as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3s_3.3.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.0cs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.0as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.4as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.0as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8s_3.8.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.3sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8s_3.8.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.13s_3.13.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.0sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.7sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6s_3.6.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8e_3.8.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3sg_3.3.0sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5s_3.5.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.2sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.3e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3s_3.3.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.6sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.5s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.4s"
},
{
"model": "jr6150",
"scope": "lt",
"trust": 1.0,
"vendor": "netgear",
"version": "2017-01-06"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.3e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.6s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.6s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.1xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5s_3.5.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3s_3.3.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.0s"
},
{
"model": "thinkcentre e75s",
"scope": "lt",
"trust": 1.0,
"vendor": "lenovo",
"version": "m16kt61a"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.16s_3.16.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.7s"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "snv_124"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.2s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.2e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6s_3.6.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.5sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.1e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7s_3.7.2ts"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.8s_3.8.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.9s_3.9.1as"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.1xbs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.6s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.17s_3.17.0s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.5e_3.5.0e"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.15s_3.15.1cs"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.6e_3.6.2ae"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3sg_3.3.2sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4sg_3.4.4sg"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.4s_3.4.5s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.12s_3.12.3s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.10s_3.10.4s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.11s_3.11.1s"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.3xo_3.3.2xo"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.7e_3.7.0e"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "15.0 to 15.6"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "3.3 to 3.17"
},
{
"model": "ios",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.1\\\\\\(2\\\\\\)sg6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.5\\\\\\(1\\\\\\)s1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(2a\\\\\\)e1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(4\\\\\\)m6a"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(1\\\\\\)sy1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(2\\\\\\)e2"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.4\\\\\\(3\\\\\\)s3"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.5\\\\\\(1\\\\\\)t1"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.2\\\\\\(4\\\\\\)gc"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "15.4\\\\\\(1\\\\\\)t4"
},
{
"model": "automation stratix",
"scope": "eq",
"trust": 0.3,
"vendor": "rockwell",
"version": "59000"
},
{
"model": "ios xe software",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "automation stratix",
"scope": "ne",
"trust": 0.3,
"vendor": "rockwell",
"version": "590015.6.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "BID",
"id": "85311"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:ios",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:cisco:ios_xe",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "85311"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1344",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2016-1344",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01920",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-90163",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2016-1344",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-1344",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-1344",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01920",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-354",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90163",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "VULHUB",
"id": "VHN-90163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. Both Cisco IOS and IOSXESoftware are operating systems developed by Cisco for its network devices. A security vulnerability exists in the fragmentation code for the IKE2 version in CiscoIOS and IOSXESoftware because the program failed to properly handle fragmented IKEv2 packets. A remote attacker could exploit the vulnerability by sending a specially crafted UDP packet to cause a denial of service. \nThis issue is being tracked by Cisco Bug ID CSCux38417. \nNote: The traffic only to the directed system can be exploited by this issue. The vulnerability can be triggered by IPv4 and IPv6 traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1344"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "BID",
"id": "85311"
},
{
"db": "VULHUB",
"id": "VHN-90163"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1344",
"trust": 3.4
},
{
"db": "BID",
"id": "85311",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1035382",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01920",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-17-094-04",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-90163",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "VULHUB",
"id": "VHN-90163"
},
{
"db": "BID",
"id": "85311"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"id": "VAR-201603-0292",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "VULHUB",
"id": "VHN-90163"
}
],
"trust": 1.1984383299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
}
]
},
"last_update_date": "2025-04-13T22:13:28.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160323-ios-ikev2",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160323-ios-ikev2"
},
{
"title": "cisco-sa-20160323-ios-ikev2",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/113/1136/1136604_cisco-sa-20160323-ios-ikev2-j.html"
},
{
"title": "Patch for CiscoIOS and IOSXESoftwareInternetKeyExchange Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/73328"
},
{
"title": "Cisco IOS and IOS XE Software IKEv2 Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60679"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90163"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160323-ios-ikev2"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/85311"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035382"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1344"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1344"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-094-04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "VULHUB",
"id": "VHN-90163"
},
{
"db": "BID",
"id": "85311"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"db": "VULHUB",
"id": "VHN-90163"
},
{
"db": "BID",
"id": "85311"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"date": "2016-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-90163"
},
{
"date": "2016-03-23T00:00:00",
"db": "BID",
"id": "85311"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"date": "2016-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"date": "2016-03-26T01:59:01.247000",
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01920"
},
{
"date": "2017-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-90163"
},
{
"date": "2017-05-23T16:23:00",
"db": "BID",
"id": "85311"
},
{
"date": "2016-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001908"
},
{
"date": "2016-03-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-354"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-1344"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IOS and IOS XE of IKEv2 Denial of service in implementation (DoS) Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-354"
}
],
"trust": 0.6
}
}
VAR-201603-0159
Vulnerability from variot - Updated: 2025-04-12 23:30Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. Cisco NX-OS is a data center level operating system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.1(1)n1(1)"
},
{
"model": "nx-os on nexus platform switches 7.1 n1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5600"
},
{
"model": "nx-os on nexus series switches 7.1 n1",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "6000"
},
{
"model": "nx-os",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.1\\\\\\(1\\\\\\)n1\\\\\\(1\\\\\\)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:nx-os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
}
]
},
"cve": "CVE-2015-6260",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-6260",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-01459",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-84221",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-6260",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-6260",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-6260",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01459",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-012",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84221",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "VULHUB",
"id": "VHN-84221"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. Cisco NX-OS is a data center level operating system",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6260"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "VULHUB",
"id": "VHN-84221"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6260",
"trust": 3.1
},
{
"db": "SECTRACK",
"id": "1035158",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01459",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-84221",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "VULHUB",
"id": "VHN-84221"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"id": "VAR-201603-0159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "VULHUB",
"id": "VHN-84221"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
}
]
},
"last_update_date": "2025-04-12T23:30:38.923000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160302-n5ksnmp",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-n5ksnmp"
},
{
"title": "Patch for Cisco NX-OSSoftware Denial of Service Vulnerability (CNVD-2016-01459)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/72207"
},
{
"title": "Cisco NX-OS Software SNMP Fixes for packet denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60377"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84221"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160302-n5ksnmp"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1035158"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6260"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6260"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "VULHUB",
"id": "VHN-84221"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"db": "VULHUB",
"id": "VHN-84221"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"date": "2016-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-84221"
},
{
"date": "2016-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"date": "2016-03-03T22:59:08.693000",
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01459"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-84221"
},
{
"date": "2016-03-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007000"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-012"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-6260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Nexus Run on device Cisco NX-OS Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007000"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-012"
}
],
"trust": 0.6
}
}
VAR-201512-0074
Vulnerability from variot - Updated: 2025-04-12 23:08The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ failed to set a default password for the web management interface, allowing an attacker to exploit the vulnerability to gain access to the web management interface or to implement cross-site request forgery attacks. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n600 db wireless dual band n+ router",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=2.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-5988",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06130",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-83949",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-5988",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5988",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2015-06130",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-211",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83949",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ failed to set a default password for the web management interface, allowing an attacker to exploit the vulnerability to gain access to the web management interface or to implement cross-site request forgery attacks. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5988"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83949"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-5988",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06130",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83949",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"id": "VAR-201512-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06130"
}
]
},
"last_update_date": "2025-04-12T23:08:59.541000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83949"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"date": "2015-12-31T16:59:02",
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83949"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
}
],
"trust": 0.6
}
}
VAR-201512-0073
Vulnerability from variot - Updated: 2025-04-12 23:08Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. The Belkin N600 is a wireless dual-band router product. This allows a remote attacker to exploit this vulnerability to respond to spoofing by predicting the value. Belkin N600 DB Wi-Fi Dual-Band N+ Router is prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "f9k1102 devices with",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "22.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5987",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00036",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-83948",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2015-5987",
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-210",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83948",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. The Belkin N600 is a wireless dual-band router product. This allows a remote attacker to exploit this vulnerability to respond to spoofing by predicting the value. Belkin N600 DB Wi-Fi Dual-Band N+ Router is prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5987"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83948"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2015-5987",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00036",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83948",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"id": "VAR-201512-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00036"
}
]
},
"last_update_date": "2025-04-12T23:08:59.510000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5987"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2016-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83948"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"date": "2015-12-31T16:59:01.033000",
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2016-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83948"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
}
],
"trust": 0.6
}
}
VAR-201512-0076
Vulnerability from variot - Updated: 2025-04-12 23:08Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n600 db wireless dual band n+ router",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=2.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-5990",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06132",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-5990",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06132",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83951",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5990"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83951"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-5990",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06132",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83951",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"id": "VAR-201512-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
}
]
},
"last_update_date": "2025-04-12T23:08:59.476000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83951"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"date": "2015-12-31T16:59:04.220000",
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83951"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
}
],
"trust": 0.6
}
}
VAR-201512-0075
Vulnerability from variot - Updated: 2025-04-12 23:08Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ has a security vulnerability that allows an attacker to intercept packets on the embedded server side containing 'LockStatus:1' and 'Login_Success:0' strings and set the values to '2' and '1 'Bypass authentication, no unauthorized access. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to gain administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n600 db wireless dual band n+ router",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=2.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5989",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06131",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83950",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2015-5989",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-5989",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2015-06131",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-212",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83950",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ has a security vulnerability that allows an attacker to intercept packets on the embedded server side containing \u0027LockStatus:1\u0027 and \u0027Login_Success:0\u0027 strings and set the values to \u00272\u0027 and \u00271 \u0027Bypass authentication, no unauthorized access. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to gain administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5989"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83950"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-5989",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06131",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83950",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"id": "VAR-201512-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06131"
}
]
},
"last_update_date": "2025-04-12T23:08:59.444000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83950"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"date": "2015-12-31T16:59:03.250000",
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83950"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
}
],
"trust": 0.6
}
}
VAR-201911-1313
Vulnerability from variot - Updated: 2024-11-23 23:11An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. Zyxel GS1900 The device firmware contains an information disclosure vulnerability from the cache.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-16",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
}
]
},
"cve": "CVE-2019-15801",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15801",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41671",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15801",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15801",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15801",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15801",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41671",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-993",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-15801",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware image contains encrypted passwords that are used to authenticate users wishing to access a diagnostics or password-recovery menu. Using the hardcoded cryptographic key found elsewhere in the firmware, these passwords can be decrypted. This is related to fds_sys_passDebugPasswd_ret() and fds_sys_passRecoveryPasswd_ret() in libfds.so.0.0. Zyxel GS1900 The device firmware contains an information disclosure vulnerability from the cache.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15801",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41671",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-15801",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"id": "VAR-201911-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
}
]
},
"last_update_date": "2024-11-23T23:11:37.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for ZyXEL GS1900 uses hardcoded password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191497"
},
{
"title": "ZyXEL GS1900 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102963"
},
{
"title": "CVE-2019-15802",
"trust": 0.1,
"url": "https://github.com/jasperla/CVE-2019-15802 "
},
{
"title": "realtek_turnkey_decrypter",
"trust": 0.1,
"url": "https://github.com/jasperla/realtek_turnkey_decrypter "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15801"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 1.7,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15801"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jasperla/cve-2019-15802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"date": "2019-11-14T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"date": "2019-11-14T21:15:11.750000",
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41671"
},
{
"date": "2021-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2019-15801"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012184"
},
{
"date": "2019-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-993"
},
{
"date": "2024-11-21T04:29:29.637000",
"db": "NVD",
"id": "CVE-2019-15801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Device firmware vulnerable to information disclosure from cache",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012184"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-993"
}
],
"trust": 0.6
}
}
VAR-201911-1312
Vulnerability from variot - Updated: 2024-11-23 23:08An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.). Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security vulnerability exists in Zyxel GS1900 using firmware version 2.50 (AAHH.0) prior to C0, which is due to missing input in the 'cmd_sys_traceroute_exec()', 'cmd_sys_arp_clear()', and 'cmd_sys_ping_exec()' functions in the libclicmd.so library Verification check. An attacker could exploit this vulnerability to execute arbitrary code on the switch
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1312",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
}
]
},
"cve": "CVE-2019-15800",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15800",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41672",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15800",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15800",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15800",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15800",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-41672",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-992",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Due to lack of input validation in the cmd_sys_traceroute_exec(), cmd_sys_arp_clear(), and cmd_sys_ping_exec() functions in the libclicmd.so library contained in the firmware, an attacker could leverage these functions to call system() and execute arbitrary commands on the switches. (Note that these functions are currently not called in this version of the firmware, however an attacker could use other vulnerabilities to finally use these vulnerabilities to gain code execution.). Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security vulnerability exists in Zyxel GS1900 using firmware version 2.50 (AAHH.0) prior to C0, which is due to missing input in the \u0027cmd_sys_traceroute_exec()\u0027, \u0027cmd_sys_arp_clear()\u0027, and \u0027cmd_sys_ping_exec()\u0027 functions in the libclicmd.so library Verification check. An attacker could exploit this vulnerability to execute arbitrary code on the switch",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15800"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNVD",
"id": "CNVD-2019-41672"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15800",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41672",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"id": "VAR-201911-1312",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
}
]
},
"last_update_date": "2024-11-23T23:08:12.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41672)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191499"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103376"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15800"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15800"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
},
{
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-992"
},
{
"date": "2019-11-14T21:15:11.687000",
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41672"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012183"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-992"
},
{
"date": "2024-11-21T04:29:29.487000",
"db": "NVD",
"id": "CVE-2019-15800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to input validation in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012183"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-992"
}
],
"trust": 0.6
}
}
VAR-201911-1314
Vulnerability from variot - Updated: 2024-11-23 23:04An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. Zyxel GS1900 Device firmware contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 with this version of firmware prior to 2.50 (AAHH.0)C0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-16",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
}
]
},
"cve": "CVE-2019-15802",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-15802",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41670",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2019-15802",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15802",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15802",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-15802",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-41670",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-994",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. The firmware hashes and encrypts passwords using a hardcoded cryptographic key in sal_util_str_encrypt() in libsal.so.0.0. The parameters (salt, IV, and key data) are used to encrypt and decrypt all passwords using AES256 in CBC mode. With the parameters known, all previously encrypted passwords can be decrypted. This includes the passwords that are part of configuration backups or otherwise embedded as part of the firmware. Zyxel GS1900 Device firmware contains a vulnerability related to the use of hard-coded credentials.Information may be obtained. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 with this version of firmware prior to 2.50 (AAHH.0)C0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15802"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNVD",
"id": "CNVD-2019-41670"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15802",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41670",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"id": "VAR-201911-1314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
}
]
},
"last_update_date": "2024-11-23T23:04:35.455000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41670)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191503"
},
{
"title": "ZyXEL GS1900 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103487"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15802"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15802"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"date": "2019-11-14T21:15:11.797000",
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41670"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012252"
},
{
"date": "2019-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-994"
},
{
"date": "2024-11-21T04:29:29.790000",
"db": "NVD",
"id": "CVE-2019-15802"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerabilities related to the use of hard-coded credentials in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012252"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-994"
}
],
"trust": 0.6
}
}
VAR-201911-1311
Vulnerability from variot - Updated: 2024-11-23 22:58An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1311",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-8",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 1.2,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-16",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
},
{
"model": "gs1900-10hp",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
}
]
},
"cve": "CVE-2019-15799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-15799",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41667",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-15799",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15799",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15799",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15799",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41667",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-991",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. User accounts created through the web interface of the device, when given non-admin level privileges, have the same level of privileged access as administrators when connecting to the device via SSH (while their permissions via the web interface are in fact restricted). This allows normal users to obtain the administrative password by running the tech-support command via the CLI: this contains the encrypted passwords for all users on the device. As these passwords are encrypted using well-known and static parameters, they can be decrypted and the original passwords (including the administrator password) can be obtained. Zyxel GS1900 There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit the vulnerability to obtain an administrative password",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15799"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNVD",
"id": "CNVD-2019-41667"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15799",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41667",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"id": "VAR-201911-1311",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
}
]
},
"last_update_date": "2024-11-23T22:58:28.526000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerabilities in ZyXEL GS1900",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191511"
},
{
"title": "ZyXEL GS1900 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102961"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15799"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 1.6,
"url": "https://vimeo.com/354726424"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15799"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"date": "2019-11-14T21:15:11.623000",
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41667"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012187"
},
{
"date": "2019-12-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-991"
},
{
"date": "2024-11-21T04:29:29.333000",
"db": "NVD",
"id": "CVE-2019-15799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to privilege management in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012187"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-991"
}
],
"trust": 0.6
}
}
VAR-201911-1316
Vulnerability from variot - Updated: 2024-11-23 22:05An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. Zyxel GS1900 An input validation vulnerability exists in the device firmware.Information may be altered. ZyXEL GS1900 is a managed switch of ZyXEL Corporation in Taiwan.
There is a security vulnerability in Zyxel GS1900 using firmware versions prior to 2.50 (AAHH.0) C0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1316",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
}
]
},
"cve": "CVE-2019-15804",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15804",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-28447",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15804",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-15804",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15804",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-15804",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-28447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-996",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains \"Password recovery for specific user\" options. The menu is believed to be accessible using a serial console. Zyxel GS1900 An input validation vulnerability exists in the device firmware.Information may be altered. ZyXEL GS1900 is a managed switch of ZyXEL Corporation in Taiwan. \n\r\n\r\nThere is a security vulnerability in Zyxel GS1900 using firmware versions prior to 2.50 (AAHH.0) C0",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15804"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNVD",
"id": "CNVD-2020-28447"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15804",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-28447",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"id": "VAR-201911-1316",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
}
]
},
"last_update_date": "2024-11-23T22:05:56.336000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/GS1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for ZyXEL GS1900 input verification error vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/217693"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103378"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15804"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15804"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
},
{
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-996"
},
{
"date": "2019-11-14T21:15:11.953000",
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-05-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-28447"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012186"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-996"
},
{
"date": "2024-11-21T04:29:30.103000",
"db": "NVD",
"id": "CVE-2019-15804"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Input validation vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012186"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-996"
}
],
"trust": 0.6
}
}
VAR-201911-1315
Vulnerability from variot - Updated: 2024-11-23 21:59An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan.
A security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahk.0\\)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahl.0\\)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahm.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahj.0\\)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aaho.0\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahh.0\\)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahi.0\\)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aahn.0\\)c0"
},
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 0.8,
"vendor": "zyxel",
"version": "2.50(aahh.0)c0"
},
{
"model": "gs1900 \u003c2.50 c0",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-10hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-16_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24e_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-24hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-48hp_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:zyxel:gs1900-8hp_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
}
]
},
"cve": "CVE-2019-15803",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-15803",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41669",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-15803",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15803",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-15803",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-15803",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2019-41669",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-995",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. Through an undocumented sequence of keypresses, undocumented functionality is triggered. A diagnostics shell is triggered via CTRL-ALT-t, which prompts for the password returned by fds_sys_passDebugPasswd_ret(). The firmware contains access control checks that determine if remote users are allowed to access this functionality. The function that performs this check (fds_sys_remoteDebugEnable_ret in libfds.so) always return TRUE with no actual checks performed. The diagnostics menu allows for reading/writing arbitrary registers and various other configuration parameters which are believed to be related to the network interface chips. Zyxel GS1900 There is an input validation vulnerability in the device firmware.Information may be obtained and information may be altered. The ZyXEL GS1900 is a managed switch from ZyXEL, Taiwan. \n\nA security hole exists in the Zyxel GS1900 using firmware 2.50 (AAHH.0) prior to C0. An attacker could exploit this vulnerability to access restricted features",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15803"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15803",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-41669",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"id": "VAR-201911-1315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
}
]
},
"last_update_date": "2024-11-23T21:59:37.896000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel security advisory for GS1900 switch vulnerabilities",
"trust": 0.8,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"title": "Patch for Unknown vulnerability in ZyXEL GS1900 (CNVD-2019-41669)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191507"
},
{
"title": "ZyXEL GS1900 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=103377"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15803"
},
{
"trust": 1.6,
"url": "https://jasper.la/exploring-zyxel-gs1900-firmware-with-ghidra.html"
},
{
"trust": 1.6,
"url": "https://www.zyxel.com/support/gs1900-switch-vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15803"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"date": "2019-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"date": "2019-11-14T21:15:11.890000",
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41669"
},
{
"date": "2019-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012185"
},
{
"date": "2020-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-995"
},
{
"date": "2024-11-21T04:29:29.943000",
"db": "NVD",
"id": "CVE-2019-15803"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Vulnerability related to input validation in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012185"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-995"
}
],
"trust": 0.6
}
}
VAR-202112-2078
Vulnerability from variot - Updated: 2024-08-14 14:18A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel in Taiwan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aazi.0\\)-20211208"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahh.0\\)-20211208"
},
{
"model": "gs1900-48hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abtq.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aatp.0\\)-20211208"
},
{
"model": "gs1900-24ep",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abto.0\\)-20211208"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahk.0\\)-20211208"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahl.0\\)-20211208"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aaho.0\\)-20211208"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahm.0\\)-20211208"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahi.0\\)-20211208"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahj.0\\)-20211208"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahn.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24ep",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-48",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-16",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900",
"scope": "eq",
"trust": 0.6,
"vendor": "zyxel",
"version": "2.60"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"cve": "CVE-2021-35032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-35032",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-09789",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-35032",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "security@zyxel.com.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2021-35032",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35032",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35032",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@zyxel.com.tw",
"id": "CVE-2021-35032",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-35032",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-09789",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2727",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-35032",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the \u0027libsal.so\u0027 of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user to execute arbitrary OS commands via a crafted function call. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel in Taiwan",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35032",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-09789",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010304",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35032",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"id": "VAR-202112-2078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
}
]
},
"last_update_date": "2024-08-14T14:18:11.922000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel\u00a0security\u00a0advisory\u00a0for\u00a0OS\u00a0command\u00a0injection\u00a0vulnerabilities\u00a0of\u00a0GS1900,\u00a0XGS1210,\u00a0and\u00a0XGS1250\u00a0series\u00a0switches",
"trust": 0.8,
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerabilities-of-gs1900-xgs1210-and-xgs1250-series-switches"
},
{
"title": "Patch for Zyxel GS1900 Operating System Command Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/318816"
},
{
"title": "Zyxel GS1900 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176844"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35032"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/zyxel_security_advisory_for_os_command_injection_vulnerabilities_of_switches.shtml"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010304"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
},
{
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"date": "2021-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2727"
},
{
"date": "2021-12-28T11:15:07.583000",
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-02-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"date": "2022-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35032"
},
{
"date": "2023-01-17T01:33:00",
"db": "JVNDB",
"id": "JVNDB-2021-017331"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2727"
},
{
"date": "2022-01-07T17:01:25.907000",
"db": "NVD",
"id": "CVE-2021-35032"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zyxel GS1900 Operating System Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-09789"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2727"
}
],
"trust": 0.6
}
}
VAR-202112-2079
Vulnerability from variot - Updated: 2024-08-14 14:18A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan.
An access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product's TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202112-2079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aazi.0\\)-20211208"
},
{
"model": "xgs1250-12",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "1.00\\(abwe.1\\)c0"
},
{
"model": "gs1900-8",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahh.0\\)-20211208"
},
{
"model": "gs1900-48hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abtq.0\\)-20211208"
},
{
"model": "xgs1210-12",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "1.00\\(abty.5\\)c0"
},
{
"model": "gs1900-24hpv2",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aatp.0\\)-20211208"
},
{
"model": "gs1900-24ep",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(abto.0\\)-20211208"
},
{
"model": "gs1900-24e",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahk.0\\)-20211208"
},
{
"model": "gs1900-24",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahl.0\\)-20211208"
},
{
"model": "gs1900-48hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aaho.0\\)-20211208"
},
{
"model": "gs1900-24hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahm.0\\)-20211208"
},
{
"model": "gs1900-8hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahi.0\\)-20211208"
},
{
"model": "gs1900-16",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahj.0\\)-20211208"
},
{
"model": "gs1900-48",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.70\\(aahn.0\\)-20211208"
},
{
"model": "gs1900-24hpv2",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24ep",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-48",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-16",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-10hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-8hp",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900-24e",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "gs1900",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "xgs1250",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
},
{
"model": "xgs1210",
"scope": null,
"trust": 0.6,
"vendor": "zyxel",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"cve": "CVE-2021-35031",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CVE-2021-35031",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.1,
"id": "CNVD-2022-01689",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2021-35031",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "security@zyxel.com.tw",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2021-35031",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.0,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-35031",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-35031",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "security@zyxel.com.tw",
"id": "CVE-2021-35031",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-35031",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-01689",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202112-2730",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-35031",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, which could allow an authenticated LAN user to execute arbitrary OS commands via the GUI of the vulnerable device. (DoS) It may be in a state. Zyxel ZyXEL GS1900 is a managed switch from Zyxel, Taiwan. \n\r\n\r\nAn access control error vulnerability exists in several Zyxel products. The vulnerability is caused by the product\u0027s TFTP client not adding permission control to the function of executing system commands. An attacker can use this vulnerability to execute arbitrary operating system commands after logging in",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-35031",
"trust": 3.9
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-01689",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010304",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-35031",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"id": "VAR-202112-2079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
}
]
},
"last_update_date": "2024-08-14T14:18:11.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Zyxel\u00a0security\u00a0advisory\u00a0for\u00a0OS\u00a0command\u00a0injection\u00a0vulnerabilities\u00a0of\u00a0GS1900,\u00a0XGS1210,\u00a0and\u00a0XGS1250\u00a0series\u00a0switches",
"trust": 0.8,
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerabilities-of-gs1900-xgs1210-and-xgs1250-series-switches"
},
{
"title": "Patch for ZyXEL GS1900 Access Control Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/312051"
},
{
"title": "ZyXEL GS1900 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176845"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-35031"
},
{
"trust": 1.7,
"url": "https://www.zyxel.com/support/zyxel_security_advisory_for_os_command_injection_vulnerabilities_of_switches.shtml"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010304"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"date": "2021-12-28T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"date": "2023-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"date": "2021-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"date": "2021-12-28T11:15:07.463000",
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-01689"
},
{
"date": "2022-01-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-35031"
},
{
"date": "2023-01-17T01:51:00",
"db": "JVNDB",
"id": "JVNDB-2021-017333"
},
{
"date": "2022-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202112-2730"
},
{
"date": "2022-01-07T16:59:51.267000",
"db": "NVD",
"id": "CVE-2021-35031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Zyxel\u00a0 in the firmware \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-017333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202112-2730"
}
],
"trust": 0.6
}
}