CVE-2016-4435

An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.

CVSS v3.0 9.0 CRITICAL
CVSS v2.0 6.8 MEDIUM

9.0^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://pivotal.io/security/cve-2016-4435	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pivotal:bosh_stemcell:3146.13:::::::*
	cpe:2.3:a:pivotal:bosh_stemcell::::::::

Information

Published : 2017-05-25 10:29

Updated : 2017-10-02 08:28

NVD link : CVE-2016-4435

Mitre link : CVE-2016-4435

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

pivotal

bosh_stemcell

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://pivotal.io/security/cve-2016-4435", "name": "https://pivotal.io/security/cve-2016-4435", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-4435", "ASSIGNER": "secure@dell.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.0", "baseScore": 9.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.2}}, "publishedDate": "2017-05-25T17:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:pivotal:bosh_stemcell:3146.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:pivotal:bosh_stemcell:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3232.4"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-02T15:28Z"}

9.0 /10