CVE-2016-1320

The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286.

Published: Feb 12, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-1320
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.7
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.8
AV:L/AC:L/Au:S/C:C/I:C/A:C

CWEs:

CWE-78
CWE-264

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
cisco / prime_collaboration	9.0.5	9.0.5.x
cisco / prime_collaboration	11.0.0	11.0.0.x
cisco / prime_collaboration	9.0.0	9.0.0.x

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160209-pcp
https://www.tenable.com/security/research/tra-2016-38

Vulnerability Database

289,784

CVE-2016-1320