Vulnerability-Lookup

CVE-2016-1387 (GCVE-0-2016-1387)

Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55

Summary

The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GHSA-P6FP-5RVV-M3W2

Vulnerability from github – Published: 2022-05-17 03:36 – Updated: 2022-05-17 03:36

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-05T21:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.",
  "id": "GHSA-p6fp-5rvv-m3w2",
  "modified": "2022-05-17T03:36:02Z",
  "published": "2022-05-17T03:36:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1387"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035744"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2016-1387

Vulnerability from fkie_nvd - Published: 2016-05-05 21:59 - Updated: 2025-04-12 10:46

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1035744
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035744

Impacted products

Vendor	Product	Version
cisco	telepresence_tc_software	7.2.0
cisco	telepresence_tc_software	7.2.1
cisco	telepresence_tc_software	7.3.0
cisco	telepresence_tc_software	7.3.1
cisco	telepresence_tc_software	7.3.2
cisco	telepresence_tc_software	7.3.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0012942-BB39-42EE-AB7F-46E503140016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6627DC6B-166F-4DC9-A330-4C6063C3AD9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24F58A78-36B5-4CF0-B71D-DF451479F451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B87019A-1277-483E-AAD1-17A53FAD7121",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3501B65-DF7C-4E58-894A-E0280A68DA62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "35BCB121-C70F-44BC-80EE-415BDCF0E3FF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935."
    },
    {
      "lang": "es",
      "value": "La API XML en TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4 y 7.3.5 y Collaboration Endpoint (CE) 8.0.0, 8.0.1 y 8.1.0 en Cisco TelePresence Software maneja incorrectamente la autenticaci\u00f3n, lo que permite a atacantes remotos ejecutar comandos de control o realizar cambios de configuraci\u00f3n a trav\u00e9s de una petici\u00f3n API, tambi\u00e9n conocido como Bug ID CSCuz26935."
    }
  ],
  "id": "CVE-2016-1387",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 8.5,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-05T21:59:04.423",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035744"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2016-1387

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1387

Aliases

CVE-2016-1387

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1387",
    "description": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.",
    "id": "GSD-2016-1387"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1387"
      ],
      "details": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935.",
      "id": "GSD-2016-1387",
      "modified": "2023-12-13T01:21:24.685494Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1387",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20160504 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
          },
          {
            "name": "1035744",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035744"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:telepresence_tc_software:7.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1387"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, and 7.3.5 and Collaboration Endpoint (CE) 8.0.0, 8.0.1, and 8.1.0 in Cisco TelePresence Software mishandles authentication, which allows remote attackers to execute control commands or make configuration changes via an API request, aka Bug ID CSCuz26935."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160504 Cisco TelePresence XML Application Programming Interface Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
            },
            {
              "name": "1035744",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035744"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 8.5,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2016-12-01T03:05Z",
      "publishedDate": "2016-05-05T21:59Z"
    }
  }
}

CNVD-2016-02916

Vulnerability from cnvd - Published: 2016-05-11

Title

Cisco TelePresence Codec和Collaboration Endpoint Software身份验证绕过漏洞

Description

Cisco TelePresence是美国思科（Cisco）公司的一套被称为“网真”系统的视频会议解决方案。TelePresence Codec（TC）和Collaboration Endpoint（CE）Software是其中的两个终端软件。 Cisco TelePresence中的TC和CE Software的XML API中存在身份验证绕过漏洞。远程攻击者可通过发送特制的HTTP请求利用该漏洞绕过身份验证，执行未授权的配置更改，或向受影响设备发送控制命令。

Severity

高

Patch Name

Cisco TelePresence Codec和Collaboration Endpoint Software身份验证绕过漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml

Impacted products

Name
['Cisco TelePresence Codec (TC) 7.2.0', 'Cisco TelePresence Codec (TC) 7.2.1', 'Cisco TelePresence Codec (TC) 7.3.0', 'Cisco TelePresence Codec (TC) 7.3.1', 'Cisco TelePresence Codec (TC) 7.3.2', 'Cisco TelePresence Codec (TC) 7.3.3', 'Cisco TelePresence Codec (TC) 7.3.4', 'Cisco TelePresence Codec (TC) 7.3.5', 'Cisco Collaboration Endpoint (CE) 8.0.0', 'Cisco Collaboration Endpoint (CE) 8.0.1', 'Cisco Collaboration Endpoint (CE) 8.1.0']

Name

['Cisco TelePresence Codec (TC) 7.2.0', 'Cisco TelePresence Codec (TC) 7.2.1', 'Cisco TelePresence Codec (TC) 7.3.0', 'Cisco TelePresence Codec (TC) 7.3.1', 'Cisco TelePresence Codec (TC) 7.3.2', 'Cisco TelePresence Codec (TC) 7.3.3', 'Cisco TelePresence Codec (TC) 7.3.4', 'Cisco TelePresence Codec (TC) 7.3.5', 'Cisco Collaboration Endpoint (CE) 8.0.0', 'Cisco Collaboration Endpoint (CE) 8.0.1', 'Cisco Collaboration Endpoint (CE) 8.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1387"
    }
  },
  "description": "Cisco TelePresence\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u88ab\u79f0\u4e3a\u201c\u7f51\u771f\u201d\u7cfb\u7edf\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002TelePresence Codec\uff08TC\uff09\u548cCollaboration Endpoint\uff08CE\uff09Software\u662f\u5176\u4e2d\u7684\u4e24\u4e2a\u7ec8\u7aef\u8f6f\u4ef6\u3002\r\n\r\nCisco TelePresence\u4e2d\u7684TC\u548cCE Software\u7684XML API\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u914d\u7f6e\u66f4\u6539\uff0c\u6216\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u63a7\u5236\u547d\u4ee4\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a \r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02916",
  "openTime": "2016-05-11",
  "patchDescription": "Cisco TelePresence\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u88ab\u79f0\u4e3a\u201c\u7f51\u771f\u201d\u7cfb\u7edf\u7684\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002TelePresence Codec\uff08TC\uff09\u548cCollaboration Endpoint\uff08CE\uff09Software\u662f\u5176\u4e2d\u7684\u4e24\u4e2a\u7ec8\u7aef\u8f6f\u4ef6\u3002\r\n\r\nCisco TelePresence\u4e2d\u7684TC\u548cCE Software\u7684XML API\u4e2d\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u53d1\u9001\u7279\u5236\u7684HTTP\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8eab\u4efd\u9a8c\u8bc1\uff0c\u6267\u884c\u672a\u6388\u6743\u7684\u914d\u7f6e\u66f4\u6539\uff0c\u6216\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u63a7\u5236\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco TelePresence Codec\u548cCollaboration Endpoint Software\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco TelePresence Codec (TC) 7.2.0",
      "Cisco TelePresence Codec (TC) 7.2.1",
      "Cisco TelePresence Codec (TC) 7.3.0",
      "Cisco TelePresence Codec (TC) 7.3.1",
      "Cisco TelePresence Codec (TC) 7.3.2",
      "Cisco TelePresence Codec (TC) 7.3.3",
      "Cisco TelePresence Codec (TC) 7.3.4",
      "Cisco TelePresence Codec (TC) 7.3.5",
      "Cisco Collaboration Endpoint (CE) 8.0.0",
      "Cisco Collaboration Endpoint (CE) 8.0.1",
      "Cisco Collaboration Endpoint (CE) 8.1.0"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml",
  "serverity": "\u9ad8",
  "submitTime": "2016-05-06",
  "title": "Cisco TelePresence Codec\u548cCollaboration Endpoint Software\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e"
}

CERTFR-2016-AVI-153

Vulnerability from certfr_avis - Published: 2016-05-06 - Updated: 2016-05-06

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "initial_release_date": "2016-05-06T00:00:00",
  "last_revision_date": "2016-05-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1387 (GCVE-0-2016-1387)

GHSA-P6FP-5RVV-M3W2

FKIE_CVE-2016-1387

GSD-2016-1387

CNVD-2016-02916

CERTFR-2016-AVI-153

Solution

Tags

Sightings

Nomenclature