Vulnerability Details : CVE-2016-6362
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.
Products affected by CVE-2016-6362
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(15.14\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.2\(100.0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.2\(102.43\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(112.3\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(112.4\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:aironet_access_point_software:8.1\(131.0\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-6362
0.34%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 54 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-6362
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-6362
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-6362
-
http://www.securitytracker.com/id/1036644
Cisco Aironet CLI Input Validation Flaw Lets Local Users Obtain Root Privileges - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-aap1
Cisco Aironet 1800, 2800, and 3800 Series Access Point Platforms CLI Privilege Escalation VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/92513
Cisco Aironet Access Points CVE-2016-6362 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to