CVE-2016-1406 - Vulnerability Details

Vendors	Products
Cisco	Evolved Programmable Network Manager Prime Infrastructure

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm
http://www.securitytracker.com/id/1035948

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-29T16:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1035948", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1035948"}, {"name": "20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1406", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1035948", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1035948"}, {"name": "20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.285Z"}, "title": "CVE Program Container", "references": [{"name": "1035948", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1035948"}, {"name": "20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1406", "datePublished": "2016-05-25T01:00:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2016-05-23T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-11-29T16:57:01 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

name : 1035948 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1035948 (string)

}

1 : { »

name : 20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2016-1406 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 1035948 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1035948 (string)

}

1 : { »

name : 20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability (string)

refsource : CISCO (string)

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:55:14.285Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 1035948 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1035948 (string)

}

1 : { »

name : 20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_CISCO (string)

2 : x_transferred (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2016-1406 (string)

datePublished : 2016-05-25T01:00:00 (string)

dateReserved : 2016-01-04T00:00:00 (string)

dateUpdated : 2024-08-05T22:55:14.285Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C057764-0A1B-41A9-A21B-F665480145AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AE45F94-2372-4CDD-A1E1-A4646F8D85AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.200:*:*:*:*:*:*:*", "matchCriteriaId": "8FD09D59-8557-4559-B0AB-71ECDEC77150", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.300:*:*:*:*:*:*:*", "matchCriteriaId": "1E49859E-08F7-485D-8EA0-F1B6024B2413", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "BA72A91C-0E65-420A-9DBE-3E0853EDB7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*", "matchCriteriaId": "B257E2F8-30EB-4BCC-8ACF-35DF73107AAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "E78D776C-AA8C-471D-A0C0-02428FA07A29", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "9D3206E7-DC91-4861-AD32-46DA82509D5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "9ACB00E7-41E3-4221-8400-A279A75FD355", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "853315C7-01A7-4E83-9CBB-D45F6B5C4664", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB157A80-3A03-4B8D-9B20-C456A953CF7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7678B118-E00C-4B1E-8B40-D3233DE3615C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "56394A07-6D74-4588-8C05-DE04959F7FC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:2.2\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "7830BF63-55ED-4D8B-B380-1E78E338EA2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "48F3C5A5-6C84-408D-B59A-265F8775C943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409."}, {"lang": "es", "value": "La interfaz web API en Cisco Prime Infrastructure en versiones anteriores a 3.1 y Cisco Evolved Programmable Network Manager en versiones anteriores a 1.2.4 permite a usuarios remotos autenticados eludir restricciones destinadas al RBAC y obtener informaci\u00f3n sensible, y consecuentemente obtener privilegios, a trav\u00e9s de datos JSON manipulados, tambi\u00e9n conocida como Bug ID CSCuy12409."}], "id": "CVE-2016-1406", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-05-25T01:59:09.757", "references": [{"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm"}, {"source": "psirt@cisco.com", "url": "http://www.securitytracker.com/id/1035948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1035948"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C057764-0A1B-41A9-A21B-F665480145AD (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 1AE45F94-2372-4CDD-A1E1-A4646F8D85AF (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.200:*:*:*:*:*:*:* (string)

matchCriteriaId : 8FD09D59-8557-4559-B0AB-71ECDEC77150 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.300:*:*:*:*:*:*:* (string)

matchCriteriaId : 1E49859E-08F7-485D-8EA0-F1B6024B2413 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : BA72A91C-0E65-420A-9DBE-3E0853EDB7C5 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:* (string)

matchCriteriaId : B257E2F8-30EB-4BCC-8ACF-35DF73107AAC (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 8B48C1E6-7C18-4C6B-B402-9C0E1A931C2C (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : B64A7FCA-1DEA-45B2-9C69-CCDCC848D9B3 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:* (string)

matchCriteriaId : E78D776C-AA8C-471D-A0C0-02428FA07A29 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 9D3206E7-DC91-4861-AD32-46DA82509D5B (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:* (string)

matchCriteriaId : 1704AC8E-BD7E-4882-8BB3-45B9E2AE0F10 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 9ACB00E7-41E3-4221-8400-A279A75FD355 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 853315C7-01A7-4E83-9CBB-D45F6B5C4664 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EB157A80-3A03-4B8D-9B20-C456A953CF7E (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7678B118-E00C-4B1E-8B40-D3233DE3615C (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 56394A07-6D74-4588-8C05-DE04959F7FC7 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:2.2\(2\):*:*:*:*:*:*:* (string)

matchCriteriaId : 7830BF63-55ED-4D8B-B380-1E78E338EA2D (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:cisco:prime_infrastructure:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 48F3C5A5-6C84-408D-B59A-265F8775C943 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. (string)

}

1 : { »

lang : es (string)

value : La interfaz web API en Cisco Prime Infrastructure en versiones anteriores a 3.1 y Cisco Evolved Programmable Network Manager en versiones anteriores a 1.2.4 permite a usuarios remotos autenticados eludir restricciones destinadas al RBAC y obtener información sensible, y consecuentemente obtener privilegios, a través de datos JSON manipulados, también conocida como Bug ID CSCuy12409. (string)

}

]

id : CVE-2016-1406 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-05-25T01:59:09.757 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm (string)

}

1 : { »

source : psirt@cisco.com (string)

url : http://www.securitytracker.com/id/1035948 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1035948 (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-284 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object