CVE-2016-9196

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2016-9196
A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1).

6.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector : AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-aironet Vendor Advisory
http://www.securityfocus.com/bid/97468 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038187
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:aironet_access_point:8.1\(112.4\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.1\(15.14\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.2\(100.0\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.2\(102.43\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.2_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.1\(131.0\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:aironet_access_point:8.1\(112.3\):*:*:*:*:*:*:*
OR cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*
Information

Published : 2017-04-07 10:59

Updated : 2017-07-11 18:29

NVD link : CVE-2016-9196

Mitre link : CVE-2016-9196

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

cisco

  • aironet_3800e
  • aironet_3800p
  • aironet_2800i
  • aironet_2800e
  • aironet_access_point
  • aironet_3800i
  • aironet_1800