Vulnerability Details : CVE-2016-9197
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).
Products affected by CVE-2016-9197
- cpe:2.3:a:cisco:mobility_services_engine:8.3.102.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9197
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 16 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9197
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
6.7
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.8
|
5.9
|
NIST |
CWE ids for CVE-2016-9197
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9197
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cme
Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers Shell Bypass VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/97469
Cisco Mobility Express 2800 and 3800 Series CVE-2016-9197 Local Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to