Lucene search

[email protected]NVD:CVE-2016-6427

HistoryOct 06, 2016 - 10:59 a.m.

CVE-2016-6427

2016-10-0610:59:12

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCuy75036 and CSCuy81654.

Affected configurations

Nvd

Node

ciscounified_contact_center_expressMatch10.0\(1\)

ciscounified_contact_center_expressMatch10.5\(1\)

ciscounified_contact_center_expressMatch10.6\(1\)

ciscounified_contact_center_expressMatch11.0\(1\)

ciscounified_intelligence_centerMatch8.5.4

ciscounified_intelligence_centerMatch9.0\(2\)

ciscounified_intelligence_centerMatch9.1\(1\)

VendorProductVersionCPE
ciscounified_contact_center_express10.0(1)cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\):*:*:*:*:*:*:*
ciscounified_contact_center_express10.5(1)cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):*:*:*:*:*:*:*
ciscounified_contact_center_express10.6(1)cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):*:*:*:*:*:*:*
ciscounified_contact_center_express11.0(1)cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\):*:*:*:*:*:*:*
ciscounified_intelligence_center8.5.4cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:*:*:*:*:*:*:*
ciscounified_intelligence_center9.0(2)cpe:2.3:a:cisco:unified_intelligence_center:9.0\(2\):*:*:*:*:*:*:*
ciscounified_intelligence_center9.1(1)cpe:2.3:a:cisco:unified_intelligence_center:9.1\(1\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_contact_center_express	10.0(1)	cpe:2.3:a:cisco:unified_contact_center_express:10.0\(1\):::::::*
cisco	unified_contact_center_express	10.5(1)	cpe:2.3:a:cisco:unified_contact_center_express:10.5\(1\):::::::*
cisco	unified_contact_center_express	10.6(1)	cpe:2.3:a:cisco:unified_contact_center_express:10.6\(1\):::::::*
cisco	unified_contact_center_express	11.0(1)	cpe:2.3:a:cisco:unified_contact_center_express:11.0\(1\):::::::*
cisco	unified_intelligence_center	8.5.4	cpe:2.3:a:cisco:unified_intelligence_center:8.5.4:::::::*
cisco	unified_intelligence_center	9.0(2)	cpe:2.3:a:cisco:unified_intelligence_center:9.0\(2\):::::::*
cisco	unified_intelligence_center	9.1(1)	cpe:2.3:a:cisco:unified_intelligence_center:9.1\(1\):::::::*

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161005-ucis3

www.securityfocus.com/bid/93418

www.securitytracker.com/id/1036953

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

52.2%

JSON

Related for NVD:CVE-2016-6427

nessus1 cvelist1 cve1 cisco1 prion1