Lucene search

CiscoCVE-2016-1390

HistoryJun 04, 2016 - 1:59 a.m.

CVE-2016-1390

2016-06-0401:59:02

CWE-20

cisco

web.nvd.nist.gov

cve-2016-1390

cisco

prime network analysis module

nam

virtual network analysis module

vnam

root access

cli input

bug id

cscuy21892

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow local users to obtain root access via crafted CLI input, aka Bug ID CSCuy21892.

Affected configurations

Nvd

Node

ciscoprime_network_analysis_module_softwareMatch5.0.0

ciscoprime_network_analysis_module_softwareMatch5.0.1

ciscoprime_network_analysis_module_softwareMatch5.0.2

ciscoprime_network_analysis_module_softwareMatch5.1.0

ciscoprime_network_analysis_module_softwareMatch5.1.2

ciscoprime_network_analysis_module_softwareMatch6.0.2

ciscoprime_network_analysis_module_softwareMatch6.1.0

ciscoprime_network_analysis_module_softwareMatch6.1.1

ciscoprime_network_analysis_module_softwareMatch6.2.0

ciscoprime_virtual_network_analysis_module_softwareMatch6.0.0

ciscoprime_virtual_network_analysis_module_softwareMatch6.1.0

ciscoprime_virtual_network_analysis_module_softwareMatch6.2.0

VendorProductVersionCPE
ciscoprime_network_analysis_module_software5.0.0cpe:2.3:a:cisco:prime_network_analysis_module_software:5.0.0:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software5.0.1cpe:2.3:a:cisco:prime_network_analysis_module_software:5.0.1:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software5.0.2cpe:2.3:a:cisco:prime_network_analysis_module_software:5.0.2:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software5.1.0cpe:2.3:a:cisco:prime_network_analysis_module_software:5.1.0:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software5.1.2cpe:2.3:a:cisco:prime_network_analysis_module_software:5.1.2:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software6.0.2cpe:2.3:a:cisco:prime_network_analysis_module_software:6.0.2:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software6.1.0cpe:2.3:a:cisco:prime_network_analysis_module_software:6.1.0:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software6.1.1cpe:2.3:a:cisco:prime_network_analysis_module_software:6.1.1:*:*:*:*:*:*:*
ciscoprime_network_analysis_module_software6.2.0cpe:2.3:a:cisco:prime_network_analysis_module_software:6.2.0:*:*:*:*:*:*:*
ciscoprime_virtual_network_analysis_module_software6.0.0cpe:2.3:a:cisco:prime_virtual_network_analysis_module_software:6.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	prime_network_analysis_module_software	5.0.0	cpe:2.3:a:cisco:prime_network_analysis_module_software:5.0.0:::::::*
cisco	prime_network_analysis_module_software	5.0.1	cpe:2.3:a:cisco:prime_network_analysis_module_software:5.0.1:::::::*
cisco	prime_network_analysis_module_software	5.0.2	cpe:2.3:a:cisco:prime_network_analysis_module_software:5.0.2:::::::*
cisco	prime_network_analysis_module_software	5.1.0	cpe:2.3:a:cisco:prime_network_analysis_module_software:5.1.0:::::::*
cisco	prime_network_analysis_module_software	5.1.2	cpe:2.3:a:cisco:prime_network_analysis_module_software:5.1.2:::::::*
cisco	prime_network_analysis_module_software	6.0.2	cpe:2.3:a:cisco:prime_network_analysis_module_software:6.0.2:::::::*
cisco	prime_network_analysis_module_software	6.1.0	cpe:2.3:a:cisco:prime_network_analysis_module_software:6.1.0:::::::*
cisco	prime_network_analysis_module_software	6.1.1	cpe:2.3:a:cisco:prime_network_analysis_module_software:6.1.1:::::::*
cisco	prime_network_analysis_module_software	6.2.0	cpe:2.3:a:cisco:prime_network_analysis_module_software:6.2.0:::::::*
cisco	prime_virtual_network_analysis_module_software	6.0.0	cpe:2.3:a:cisco:prime_virtual_network_analysis_module_software:6.0.0:::::::*

Rows per page:

1-10 of 121

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160601-prime1

www.securitytracker.com/id/1036015

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-1390