VAR-201704-0488
Vulnerability from variot - Updated: 2025-04-20 23:37A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). Cisco Aironet 1800 , 2800 ,and 3800 Series platform contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvb13893 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A local privilege elevation vulnerability exists in the Cisco Aironet AccessPoints platform. This issue is being tracked by Cisco Bug ID CSCvb13893. The vulnerability is caused by the program not properly managing user credentials
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2\\(102.43\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(112.4\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2\\(100.0\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(112.3\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(15.14\\)"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.2_base"
},
{
"model": "aironet access point",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "8.1\\(131.0\\)"
},
{
"model": "aironet access point software",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1800"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "2800"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "38000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "28000"
},
{
"model": "aironet series access points",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "18000"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:cisco:aironet_access_point_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reuben Farrelly",
"sources": [
{
"db": "BID",
"id": "97468"
}
],
"trust": 0.3
},
"cve": "CVE-2016-9196",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-9196",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-05164",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-98016",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2016-9196",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-9196",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2016-9196",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-05164",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-442",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-98016",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). Cisco Aironet 1800 , 2800 ,and 3800 Series platform contains vulnerabilities related to authorization, permissions, and access control. Vendors have confirmed this vulnerability Bug ID CSCvb13893 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Cisco Aironet AccessPoints is a set of wireless access point devices from Cisco. A local privilege elevation vulnerability exists in the Cisco Aironet AccessPoints platform. \nThis issue is being tracked by Cisco Bug ID CSCvb13893. The vulnerability is caused by the program not properly managing user credentials",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-9196"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "VULHUB",
"id": "VHN-98016"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-9196",
"trust": 3.4
},
{
"db": "BID",
"id": "97468",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1038187",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-05164",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "36323",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-98016",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"id": "VAR-201704-0488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
}
],
"trust": 1.19107143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
}
]
},
"last_update_date": "2025-04-20T23:37:56.972000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20170405-aironet",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet"
},
{
"title": "Patch for CiscoAironetAccessPoints Local Privilege Escalation Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/92338"
},
{
"title": "Cisco Aironet 1800 , 2800 and 3800 Series Access Point platforms Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75147"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20170405-aironet"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/97468"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1038187"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9196"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9196"
},
{
"trust": 0.6,
"url": "http://securitytracker.com/id/1038187"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/36323"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"db": "VULHUB",
"id": "VHN-98016"
},
{
"db": "BID",
"id": "97468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"date": "2017-04-07T00:00:00",
"db": "VULHUB",
"id": "VHN-98016"
},
{
"date": "2017-04-05T00:00:00",
"db": "BID",
"id": "97468"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"date": "2017-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"date": "2017-04-07T17:59:00.230000",
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05164"
},
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-98016"
},
{
"date": "2017-04-11T00:03:00",
"db": "BID",
"id": "97468"
},
{
"date": "2017-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008289"
},
{
"date": "2017-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-442"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2016-9196"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97468"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Aironet Vulnerabilities related to authorization, authority, and access control in the platform",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008289"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-442"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…