Skip to main content

Prime Collaboration CVE-2016-1320

MEDIUM
OS Command Injection (CWE-78)
2016-02-12 psirt@cisco.com
6.7
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.7 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 12, 2016 - 01:59 cve.org
MEDIUM 6.7

DescriptionCVE.org

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.

AnalysisAI

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. Affected products include: Cisco Prime Collaboration.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.

CVE-2018-15389 CRITICAL
9.8 Oct 05

A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated,

CVE-2018-0321 CRITICAL
9.8 Jun 07

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to acces

CVE-2018-0320 CRITICAL
9.8 Jun 07

A vulnerability in the web framework code of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated

CVE-2018-0319 CRITICAL
9.8 Jun 07

A vulnerability in the password recovery function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthe

CVE-2018-0318 CRITICAL
9.8 Jun 07

A vulnerability in the password reset function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenti

CVE-2018-0336 HIGH
8.8 Jun 07

A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated

CVE-2018-0322 HIGH
8.8 Jun 07

A vulnerability in the web management interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authentic

CVE-2018-0317 HIGH
8.8 Jun 07

A vulnerability in the web interface of Cisco Prime Collaboration Provisioning (PCP) could allow an authenticated, remot

CVE-2018-0141 HIGH
8.4 Mar 08

A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software 11.6 could allow an unauthenticated, local atta

CVE-2018-0335 HIGH
7.8 Jun 07

A vulnerability in the web portal authentication process of Cisco Prime Collaboration Provisioning could allow an unauth

CVE-2013-1125 MEDIUM
6.8 Feb 19

The command-line interface in Cisco Identity Services Engine Software, Secure Access Control System (ACS), Application N

CVE-2013-1196 MEDIUM
6.8 Apr 29

The command-line interface in Cisco Secure Access Control System (ACS), Identity Services Engine Software, Context Direc

Share

CVE-2016-1320 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy