Vulnerability Details : CVE-2016-1334
Cisco Small Business 500 Wireless Access Point devices with firmware 1.0.4.4 allow remote attackers to set the system time via a crafted POST request, aka Bug ID CSCuy01457.
Vulnerability category: Input validation
Products affected by CVE-2016-1334
- cpe:2.3:o:cisco:small_business_wireless_access_points_firmware:1.0.4.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-1334
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-1334
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2016-1334
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1334
-
http://www.securitytracker.com/id/1035036
Cisco Small Business 500 Series Wireless Access Points Input Validation Flaw Lets Remote Users Modify the Time on the Target System - SecurityTracker
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160216-wap
Cisco Small Business 500 Series Wireless Access Point Configuration Modification VulnerabilityVendor Advisory
Jump to