Vulnerability-Lookup

CVE-2016-1392 (GCVE-0-2016-1392)

Vulnerability from cvelistv5 – Published: 2016-05-05 21:00 – Updated: 2024-08-05 22:55

Summary

Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

GHSA-5WWC-CQ29-4Q6M

Vulnerability from github – Published: 2022-05-17 03:36 – Updated: 2022-05-17 03:36

Details

Severity ?

7.4 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-1392"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-05T21:59:00Z",
    "severity": "HIGH"
  },
  "details": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.",
  "id": "GHSA-5wwc-cq29-4q6m",
  "modified": "2022-05-17T03:36:02Z",
  "published": "2022-05-17T03:36:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1392"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1035736"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2016-02805

Vulnerability from cnvd - Published: 2016-05-09

Title

Cisco Prime Collaboration Assurance开放重定向漏洞

Description

Cisco Prime Collaboration是综合性视频及声音服务保障及管理系统。 Cisco Prime Collaboration Assurance 10.5至11.0版本的Web接口未正确验证HTTP请求参数。远程攻击者利用此漏洞可使Web接口将请求重定向到恶意网页, 执行钓鱼攻击。

Severity

中

Patch Name

Cisco Prime Collaboration Assurance开放重定向漏洞的补丁

Patch Description

Cisco Prime Collaboration是综合性视频及声音服务保障及管理系统。 Cisco Prime Collaboration Assurance 10.5至11.0版本的Web接口未正确验证HTTP请求参数。远程攻击者利用此漏洞可使Web接口将请求重定向到恶意网页, 执行钓鱼攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Cisco已经为此发布了一个安全公告（cisco-sa-20160503-pca）以及相应补丁: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca

Impacted products

Name
Cisco Prime Collaboration Assurance Software >=10.5，<=11.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1392"
    }
  },
  "description": "Cisco Prime Collaboration\u662f\u7efc\u5408\u6027\u89c6\u9891\u53ca\u58f0\u97f3\u670d\u52a1\u4fdd\u969c\u53ca\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco Prime Collaboration Assurance 10.5\u81f311.0\u7248\u672c\u7684Web\u63a5\u53e3\u672a\u6b63\u786e\u9a8c\u8bc1HTTP\u8bf7\u6c42\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4f7fWeb\u63a5\u53e3\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u6076\u610f\u7f51\u9875, \u6267\u884c\u9493\u9c7c\u653b\u51fb\u3002",
  "discovererName": "Cisco",
  "formalWay": "Cisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20160503-pca\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02805",
  "openTime": "2016-05-09",
  "patchDescription": "Cisco Prime Collaboration\u662f\u7efc\u5408\u6027\u89c6\u9891\u53ca\u58f0\u97f3\u670d\u52a1\u4fdd\u969c\u53ca\u7ba1\u7406\u7cfb\u7edf\u3002\r\n\r\nCisco Prime Collaboration Assurance 10.5\u81f311.0\u7248\u672c\u7684Web\u63a5\u53e3\u672a\u6b63\u786e\u9a8c\u8bc1HTTP\u8bf7\u6c42\u53c2\u6570\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u4f7fWeb\u63a5\u53e3\u5c06\u8bf7\u6c42\u91cd\u5b9a\u5411\u5230\u6076\u610f\u7f51\u9875, \u6267\u884c\u9493\u9c7c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Prime Collaboration Assurance\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco Prime Collaboration Assurance Software \u003e=10.5\uff0c\u003c=11.0"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca",
  "serverity": "\u4e2d",
  "submitTime": "2016-05-06",
  "title": "Cisco Prime Collaboration Assurance\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

GSD-2016-1392

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1392

Aliases

CVE-2016-1392

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1392",
    "description": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.",
    "id": "GSD-2016-1392"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1392"
      ],
      "details": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121.",
      "id": "GSD-2016-1392",
      "modified": "2023-12-13T01:21:24.615450Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2016-1392",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1035736",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1035736"
          },
          {
            "name": "20160503 Cisco Prime Collaboration Assurance Open Redirect Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_collaboration_assurance:11.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1392"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160503 Cisco Prime Collaboration Assurance Open Redirect Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
            },
            {
              "name": "1035736",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1035736"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2016-12-01T03:05Z",
      "publishedDate": "2016-05-05T21:59Z"
    }
  }
}

FKIE_CVE-2016-1392

Vulnerability from fkie_nvd - Published: 2016-05-05 21:59 - Updated: 2025-04-12 10:46

Severity ?

7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca	Vendor Advisory
psirt@cisco.com	http://www.securitytracker.com/id/1035736
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1035736

Impacted products

Vendor	Product	Version
cisco	prime_collaboration_assurance	10.5.0
cisco	prime_collaboration_assurance	10.5.1
cisco	prime_collaboration_assurance	10.6.0
cisco	prime_collaboration_assurance	11.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24D5EE73-6543-4011-85C3-CDBB079043C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7BC51A3-C6B9-43F3-B742-4925A9DFEDDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF979F82-4761-45D7-A1A1-44F0B3C8CFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "869158A1-B464-4913-AC4B-D79EE02923CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Open redirect vulnerability in Cisco Prime Collaboration Assurance Software 10.5 through 11.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuu34121."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de redirecci\u00f3n abierta en Cisco Prime Collaboration Assurance Software 10.5 hasta la versi\u00f3n 11.0 permite a atacantes remotos redirigir a usuarios a sitios web arbitrarios y llevar a cabo ataques de phising a trav\u00e9s de vectores no especificados, tambi\u00e9n conocido como Bug ID CSCuu34121."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/601.html\"\u003eCWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)\u003c/a\u003e",
  "id": "CVE-2016-1392",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-05T21:59:05.800",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id/1035736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035736"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-153

Vulnerability from certfr_avis - Published: 2016-05-06 - Updated: 2016-05-06

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "initial_release_date": "2016-05-06T00:00:00",
  "last_revision_date": "2016-05-06T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1392 (GCVE-0-2016-1392)

GHSA-5WWC-CQ29-4Q6M

CNVD-2016-02805

GSD-2016-1392

FKIE_CVE-2016-1392

CERTFR-2016-AVI-153

Solution

Tags

Sightings

Nomenclature