CVE-2016-1411 - Vulnerability Details

Vendors	Products
Cisco	Content Security Management Appliance Email Security Appliance Web Security Appliance

Link	Providers
http://www.securityfocus.com/bid/94791
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Cisco AsyncOS", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco AsyncOS"}]}], "datePublic": "2016-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019."}], "problemTypes": [{"descriptions": [{"description": "unspecified", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-14T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos"}, {"name": "94791", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94791"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2016-1411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco AsyncOS", "version": {"version_data": [{"version_value": "Cisco AsyncOS"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "unspecified"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos"}, {"name": "94791", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94791"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:55:14.485Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos"}, {"name": "94791", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94791"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2016-1411", "datePublished": "2016-12-14T00:37:00", "dateReserved": "2016-01-04T00:00:00", "dateUpdated": "2024-08-05T22:55:14.485Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Cisco AsyncOS (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : Cisco AsyncOS (string)

}

]

}

]

datePublic : 2016-12-13T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : unspecified (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2016-12-14T10:57:01 (string)

orgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

shortName : cisco (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (string)

}

1 : { »

name : 94791 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/94791 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@cisco.com (string)

ID : CVE-2016-1411 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Cisco AsyncOS (string)

version : { »

version_data : [ »

0 : { »

version_value : Cisco AsyncOS (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : unspecified (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (string)

refsource : CONFIRM (string)

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (string)

}

1 : { »

name : 94791 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/94791 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T22:55:14.485Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (string)

}

1 : { »

name : 94791 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/94791 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : d1c1063e-7a18-46af-9102-31f8928bc633 (string)

assignerShortName : cisco (string)

cveId : CVE-2016-1411 (string)

datePublished : 2016-12-14T00:37:00 (string)

dateReserved : 2016-01-04T00:00:00 (string)

dateUpdated : 2024-08-05T22:55:14.485Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "07DCBDF0-1E0D-420C-A0BA-2C4C38D13D76", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:*", "matchCriteriaId": "F40DB32E-31F8-44B2-896E-26232EA41873", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:*", "matchCriteriaId": "0B68AE1E-AD02-465E-AC86-FF23591D3882", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:*", "matchCriteriaId": "EA33E2AF-87FE-4F04-AC02-98068C81D92D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:*", "matchCriteriaId": "2F57F5AB-DA2D-49AC-8C61-DD06DF9E8E12", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "D122AF7B-1195-4F83-B8CC-50E22C4417C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:*", "matchCriteriaId": "11E2D3BA-C2EF-4178-B1EA-0E2318DAFE37", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303:*:*:*:*:*:*:*", "matchCriteriaId": "4BCDD9A3-FB62-464B-94F2-33757796CD34", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:*", "matchCriteriaId": "CD7AD8D8-C690-47C6-8A58-8499266F9659", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:*", "matchCriteriaId": "5FABFD96-9076-4838-A775-7DA478214760", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:*", "matchCriteriaId": "0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:email_security_appliance:8.5.1-021:*:*:*:*:*:*:*", "matchCriteriaId": "B221315F-2B45-4D0A-9A7C-9588F467AD75", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:7.7.0-608:*:*:*:*:*:*:*", "matchCriteriaId": "64E907A2-C0C9-4288-BAA7-B36D112EE4CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:7.7.5-835:*:*:*:*:*:*:*", "matchCriteriaId": "A276AE73-EF2D-4D0F-83D6-02CCACFA373D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:web_security_appliance:8.8.0-000:*:*:*:*:*:*:*", "matchCriteriaId": "02CDB2C1-E72C-49A3-B96D-433A9F6A3716", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad de actualizaci\u00f3n de Cisco AsyncOS Software para Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA) y Cisco Content Management Security Appliance (SMA) puede permitir a un atacante remoto no autenticado imitar el servidor de actualizaci\u00f3n. M\u00e1s informaci\u00f3n: CSCul88715, CSCul94617, CSCul94627. Lanzamientos Afectados Conocidos: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Lanzamientos Reparados Conocidos: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019."}], "id": "CVE-2016-1411", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-12-14T00:59:00.173", "references": [{"source": "psirt@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94791"}, {"source": "psirt@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos"}], "sourceIdentifier": "psirt@cisco.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 07DCBDF0-1E0D-420C-A0BA-2C4C38D13D76 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-004:*:*:*:*:*:*:* (string)

matchCriteriaId : F40DB32E-31F8-44B2-896E-26232EA41873 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-031:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B68AE1E-AD02-465E-AC86-FF23591D3882 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-033:*:*:*:*:*:*:* (string)

matchCriteriaId : EA33E2AF-87FE-4F04-AC02-98068C81D92D (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.1.0-103:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F57F5AB-DA2D-49AC-8C61-DD06DF9E8E12 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:cisco:content_security_management_appliance:9.6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : D122AF7B-1195-4F83-B8CC-50E22C4417C3 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:7.5.2-201:*:*:*:*:*:*:* (string)

matchCriteriaId : 11E2D3BA-C2EF-4178-B1EA-0E2318DAFE37 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BCDD9A3-FB62-464B-94F2-33757796CD34 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:7.6.3-025:*:*:*:*:*:*:* (string)

matchCriteriaId : CD7AD8D8-C690-47C6-8A58-8499266F9659 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.0.1-023:*:*:*:*:*:*:* (string)

matchCriteriaId : 5FABFD96-9076-4838-A775-7DA478214760 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : DCB92F9E-9FA2-4D50-82C2-FF0A20EB42FF (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198:*:*:*:*:*:*:* (string)

matchCriteriaId : 0D9AFCF6-AFC3-4466-AB77-DA77090BBE0C (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:cisco:email_security_appliance:8.5.1-021:*:*:*:*:*:*:* (string)

matchCriteriaId : B221315F-2B45-4D0A-9A7C-9588F467AD75 (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:7.7.0-608:*:*:*:*:*:*:* (string)

matchCriteriaId : 64E907A2-C0C9-4288-BAA7-B36D112EE4CA (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:7.7.5-835:*:*:*:*:*:*:* (string)

matchCriteriaId : A276AE73-EF2D-4D0F-83D6-02CCACFA373D (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:cisco:web_security_appliance:8.8.0-000:*:*:*:*:*:*:* (string)

matchCriteriaId : 02CDB2C1-E72C-49A3-B96D-433A9F6A3716 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability in the update functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA), and Cisco Content Management Security Appliance (SMA) could allow an unauthenticated, remote attacker to impersonate the update server. More Information: CSCul88715, CSCul94617, CSCul94627. Known Affected Releases: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Known Fixed Releases: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad en la funcionalidad de actualización de Cisco AsyncOS Software para Cisco Email Security Appliance (ESA), Cisco Web Security Appliance (WSA) y Cisco Content Management Security Appliance (SMA) puede permitir a un atacante remoto no autenticado imitar el servidor de actualización. Más información: CSCul88715, CSCul94617, CSCul94627. Lanzamientos Afectados Conocidos: 7.5.2-201 7.6.3-025 8.0.1-023 8.5.0-000 8.5.0-ER1-198 7.5.2-HP2-303 7.7.0-608 7.7.5-835 8.5.1-021 8.8.0-000 7.9.1-102 8.0.0-404 8.1.1-013 8.2.0-222. Lanzamientos Reparados Conocidos: 8.0.2-069 8.0.2-074 8.5.7-042 9.1.0-032 8.5.2-027 9.6.1-019. (string)

}

]

id : CVE-2016-1411 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.9 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 2.2 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2016-12-14T00:59:00.173 (string)

references : [ »

0 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94791 (string)

}

1 : { »

source : psirt@cisco.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/94791 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-asyncos (string)

}

]

sourceIdentifier : psirt@cisco.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-310 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object