Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2016-1373 (GCVE-0-2016-1373)
Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55
VLAI?
EPSS
Summary
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:55:14.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1035756",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-29T16:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1035756",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2016-1373",
"datePublished": "2016-05-05T21:00:00.000Z",
"dateReserved": "2016-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:55:14.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2016-1373
Vulnerability from fkie_nvd - Published: 2016-05-05 21:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | finesse | 8.5\(1\)_base | |
| cisco | finesse | 8.5\(2\)_base | |
| cisco | finesse | 8.5\(3\)_base | |
| cisco | finesse | 8.5\(4\)_base | |
| cisco | finesse | 8.5\(5\)_base | |
| cisco | finesse | 8.6\(1\)_base | |
| cisco | finesse | 9.0\(1\)_base | |
| cisco | finesse | 9.0\(2\)_base | |
| cisco | finesse | 9.1\(1\)_base | |
| cisco | finesse | 9.1\(1\)_es1 | |
| cisco | finesse | 9.1\(1\)_es2 | |
| cisco | finesse | 9.1\(1\)_es3 | |
| cisco | finesse | 9.1\(1\)_es4 | |
| cisco | finesse | 9.1\(1\)_es5 | |
| cisco | finesse | 9.1\(1\)_su1 | |
| cisco | finesse | 9.1\(1\)_su1.1 | |
| cisco | finesse | 10.0\(1\)_base | |
| cisco | finesse | 10.0\(1\)_su1 | |
| cisco | finesse | 10.0\(1\)_su1.1 | |
| cisco | finesse | 10.5\(1\)_base | |
| cisco | finesse | 10.5\(1\)_es1 | |
| cisco | finesse | 10.5\(1\)_es2 | |
| cisco | finesse | 10.5\(1\)_es3 | |
| cisco | finesse | 10.5\(1\)_es4 | |
| cisco | finesse | 10.5\(1\)_su1 | |
| cisco | finesse | 10.5\(1\)_su1.1 | |
| cisco | finesse | 10.5\(1\)_su1.7 | |
| cisco | finesse | 10.6\(1\)_base | |
| cisco | finesse | 10.6\(1\)_su1 | |
| cisco | finesse | 10.6\(1\)_su2 | |
| cisco | finesse | 11.0\(1\)_base |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:finesse:8.5\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "93A74FB6-308B-440F-A713-B006599B0C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:8.5\\(2\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "64B9B388-9F1C-47D9-BD82-FA132E936521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:8.5\\(3\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "67BB5F85-5EE6-46A9-A071-A4AB99B53927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:8.5\\(4\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "154B9756-918E-4CA4-A2FA-F9A92EF3440A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:8.5\\(5\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAC47B7-EB35-400E-B9A8-F13620583F63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:8.6\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "59B1767A-B4CB-45B7-A364-15C75016E74A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.0\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "4F31178A-E124-45CF-A284-E701C72A5D9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.0\\(2\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "87FC4450-21C6-4DB1-9D65-AFFDB6C33DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DB180E-703A-4EB7-922D-1B3CA1E4904A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es1:*:*:*:*:*:*:*",
"matchCriteriaId": "986D5ECE-89EF-45C0-A2C1-A33171B29155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es2:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF257E1-C6EC-4917-90A7-28D592B0123F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es3:*:*:*:*:*:*:*",
"matchCriteriaId": "2132A987-5A3F-44C8-815D-BC7246911C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es4:*:*:*:*:*:*:*",
"matchCriteriaId": "D00214A4-E9DF-4C66-AD16-D3AC583BFA8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es5:*:*:*:*:*:*:*",
"matchCriteriaId": "EC791794-4890-40BF-A96F-FF93258885AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_su1:*:*:*:*:*:*:*",
"matchCriteriaId": "39BC5752-1178-4E52-9BC3-20FAAD60D37D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_su1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "92B3FB8A-300F-462A-B6FB-68D2615EF229",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.0\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "839493EF-394B-4F61-A78F-E1825B4092F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.0\\(1\\)_su1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDAAD5DF-0763-49C2-A5C6-831CFECEB633",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.0\\(1\\)_su1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24AA0D47-CFCD-4191-A5F8-2A42A65D7835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "22F2B8E7-53AD-457D-B3BF-B261C80BBD0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es1:*:*:*:*:*:*:*",
"matchCriteriaId": "D37E02C3-B63F-43D9-AF7F-76609C424620",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es2:*:*:*:*:*:*:*",
"matchCriteriaId": "C869C393-AD1F-4334-92F6-F5CB11979EDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es3:*:*:*:*:*:*:*",
"matchCriteriaId": "7E80412C-6BFF-44D7-B3B6-D8CC19D93296",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es4:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C8DA33-8104-414A-8C63-1405C6EEB362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_su1:*:*:*:*:*:*:*",
"matchCriteriaId": "523D9F1F-74BA-4DD7-BF9F-473643CA32C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_su1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "86356E8E-6751-4D5D-97C2-BC7180F7ED3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_su1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "12F677FF-1C9E-484A-A44B-8A4B74627579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.6\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "316D6AAA-905B-4EE8-B170-B5385EEB1DC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.6\\(1\\)_su1:*:*:*:*:*:*:*",
"matchCriteriaId": "C319E8AD-774D-42A4-8B00-DCBB30413072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:10.6\\(1\\)_su2:*:*:*:*:*:*:*",
"matchCriteriaId": "32B648DB-B8A7-40CC-B9CB-190D399C5BE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:finesse:11.0\\(1\\)_base:*:*:*:*:*:*:*",
"matchCriteriaId": "6F430C6D-24ED-4FB9-9F34-16F0A9CBEE2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
},
{
"lang": "es",
"value": "La API gadgets-integration en Cisco Finesse 8.5(1) hasta la versi\u00f3n 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 hasta la versi\u00f3n 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 hasta la versi\u00f3n 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2 y 11.0(1) permite a atacantes remotos llevar a cabo ataques de falsificaci\u00f3n de peticiones del lado del servidor (SSRF) a trav\u00e9s de una petici\u00f3n manipulada, tambi\u00e9n conocido como Bug ID CSCuw86623."
}
],
"evaluatorComment": "\u003ca href=\"https://cwe.mitre.org/data/definitions/918.html\"\u003eCWE-918: Server-Side Request Forgery (SSRF)\u003c/a\u003e",
"id": "CVE-2016-1373",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-05T21:59:03.267",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id/1035756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035756"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-R94F-58PF-4J6W
Vulnerability from github – Published: 2022-05-17 03:36 – Updated: 2022-05-17 03:36
VLAI?
Details
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
Severity ?
8.6 (High)
{
"affected": [],
"aliases": [
"CVE-2016-1373"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-05-05T21:59:00Z",
"severity": "HIGH"
},
"details": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.",
"id": "GHSA-r94f-58pf-4j6w",
"modified": "2022-05-17T03:36:25Z",
"published": "2022-05-17T03:36:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1373"
},
{
"type": "WEB",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1035756"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2016-1373
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2016-1373",
"description": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.",
"id": "GSD-2016-1373"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2016-1373"
],
"details": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.",
"id": "GSD-2016-1373",
"modified": "2023-12-13T01:21:24.606764Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035756"
},
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:8.5\\(2\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:8.5\\(3\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.6\\(1\\)_su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.6\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_su1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.0\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.0\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:8.5\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:11.0\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.6\\(1\\)_su2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_su1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_es5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_su1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:8.5\\(4\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:8.5\\(5\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.0\\(1\\)_su1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.0\\(1\\)_su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_su1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.1\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:8.6\\(1\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:9.0\\(2\\)_base:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:finesse:10.5\\(1\\)_es4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2016-1373"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20160504 Cisco Finesse HTTP Request Processing Server-Side Request Forgery Vulnerability",
"refsource": "CISCO",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
},
{
"name": "1035756",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id/1035756"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
},
"lastModifiedDate": "2016-12-01T03:05Z",
"publishedDate": "2016-05-05T21:59Z"
}
}
}
CNVD-2016-02917
Vulnerability from cnvd - Published: 2016-05-11
VLAI Severity ?
Title
Cisco Finesse服务器端请求伪造漏洞
Description
Cisco Finesse是美国思科(Cisco)公司的一套呼叫中心管理软件。该软件可提升呼叫中心服务质量、改善客户体验、提高客服代表满意度。
Cisco Finesse中存在服务器端请求伪造漏洞,该漏洞源于程序未能充分限制gadgets集成的API访问。远程攻击者可通过发送特制的HTTP请求利用该漏洞执行任意操作。
Severity
中
Patch Name
Cisco Finesse服务器端请求伪造漏洞的补丁
Patch Description
Cisco Finesse是美国思科(Cisco)公司的一套呼叫中心管理软件。该软件可提升呼叫中心服务质量、改善客户体验、提高客服代表满意度。
Cisco Finesse中存在服务器端请求伪造漏洞,该漏洞源于程序未能充分限制gadgets集成的API访问。远程攻击者可通过发送特制的HTTP请求利用该漏洞执行任意操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
Impacted products
| Name | ['Cisco Cisco Finesse 8.6(1)', 'Cisco Cisco Finesse 9.0(1)', 'Cisco Cisco Finesse 9.0(2)', 'Cisco Cisco Finesse 9.1(1)', 'Cisco Cisco Finesse 9.1(1)SU1', 'Cisco Cisco Finesse 9.1(1)SU1.1', 'Cisco Cisco Finesse >=9.1(1)ES1,<=9.1(1)ES5', 'Cisco Cisco Finesse 10.0(1)', 'Cisco Cisco Finesse 10.0(1)SU1', 'Cisco Cisco Finesse 10.0(1)SU1.1', 'Cisco Cisco Finesse 10.5(1)', 'Cisco Cisco Finesse >=10.5(1)ES1,<=10.5(1)ES4', 'Cisco Cisco Finesse 10.5(1)SU1', 'Cisco Cisco Finesse 10.5', 'Cisco Cisco Finesse >8.5(1),<=8.5(5)'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2016-1373"
}
},
"description": "Cisco Finesse\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u547c\u53eb\u4e2d\u5fc3\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u63d0\u5347\u547c\u53eb\u4e2d\u5fc3\u670d\u52a1\u8d28\u91cf\u3001\u6539\u5584\u5ba2\u6237\u4f53\u9a8c\u3001\u63d0\u9ad8\u5ba2\u670d\u4ee3\u8868\u6ee1\u610f\u5ea6\u3002\r\n\r\nCisco Finesse\u4e2d\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9650\u5236gadgets\u96c6\u6210\u7684API\u8bbf\u95ee\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002",
"discovererName": "Cisco",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2016-02917",
"openTime": "2016-05-11",
"patchDescription": "Cisco Finesse\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u547c\u53eb\u4e2d\u5fc3\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u53ef\u63d0\u5347\u547c\u53eb\u4e2d\u5fc3\u670d\u52a1\u8d28\u91cf\u3001\u6539\u5584\u5ba2\u6237\u4f53\u9a8c\u3001\u63d0\u9ad8\u5ba2\u670d\u4ee3\u8868\u6ee1\u610f\u5ea6\u3002\r\n\r\nCisco Finesse\u4e2d\u5b58\u5728\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9650\u5236gadgets\u96c6\u6210\u7684API\u8bbf\u95ee\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cisco Finesse\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco Cisco Finesse 8.6(1)",
"Cisco Cisco Finesse 9.0(1)",
"Cisco Cisco Finesse 9.0(2)",
"Cisco Cisco Finesse 9.1(1)",
"Cisco Cisco Finesse 9.1(1)SU1",
"Cisco Cisco Finesse 9.1(1)SU1.1",
"Cisco Cisco Finesse \u003e=9.1(1)ES1\uff0c\u003c=9.1(1)ES5",
"Cisco Cisco Finesse 10.0(1)",
"Cisco Cisco Finesse 10.0(1)SU1",
"Cisco Cisco Finesse 10.0(1)SU1.1",
"Cisco Cisco Finesse 10.5(1)",
"Cisco Cisco Finesse \u003e=10.5(1)ES1\uff0c\u003c=10.5(1)ES4",
"Cisco Cisco Finesse 10.5(1)SU1",
"Cisco Cisco Finesse 10.5",
"Cisco Cisco Finesse \u003e8.5(1)\uff0c\u003c=8.5(5)"
]
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse",
"serverity": "\u4e2d",
"submitTime": "2016-05-06",
"title": "Cisco Finesse\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}
CERTFR-2016-AVI-153
Vulnerability from certfr_avis - Published: 2016-05-06 - Updated: 2016-05-06
De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Cisco | N/A | Cisco WebEx Meetings Server version 2.6 | ||
| Cisco | N/A | Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0 | ||
| Cisco | N/A | Cisco Finesse | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1 | ||
| Cisco | N/A | Cisco APIC-EM version 1.0(1) | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7 | ||
| Cisco | N/A | Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7 | ||
| Cisco | N/A | Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation) | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6 | ||
| Cisco | N/A | Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7 | ||
| Cisco | N/A | Cisco Information Server version 6.2 | ||
| Cisco | N/A | Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4 | ||
| Cisco | N/A | Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cisco WebEx Meetings Server version 2.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Finesse",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco APIC-EM version 1.0(1)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco Information Server version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
},
{
"description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Cisco",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2016-1547",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
},
{
"name": "CVE-2016-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2016-1550",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
},
{
"name": "CVE-2016-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
},
{
"name": "CVE-2016-1549",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
},
{
"name": "CVE-2015-8138",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
},
{
"name": "CVE-2016-1368",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2016-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2016-1373",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
},
{
"name": "CVE-2016-1392",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
},
{
"name": "CVE-2016-2519",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
},
{
"name": "CVE-2016-1369",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
},
{
"name": "CVE-2015-7704",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
},
{
"name": "CVE-2016-2517",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2016-1386",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
},
{
"name": "CVE-2016-1389",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
},
{
"name": "CVE-2016-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
}
],
"initial_release_date": "2016-05-06T00:00:00",
"last_revision_date": "2016-05-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai 2016",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
}
],
"reference": "CERTFR-2016-AVI-153",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-05-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…