CVE-2016-6430
published 2016-11-03CVE-2016-6430: A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to…
PriorityP434high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.29%
21.0th percentile
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
| cisco | ip_interoperability_and_collaboration_system | — | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.6MEDIUMAV:L/AC:M/Au:S/C:C/I:C/A:C
vendor_cisco6.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-2fpc-vhw2-6c3x: A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local at
ghsa_unreviewed·2022-05-17
CVE-2016-6430 [HIGH] GHSA-2fpc-vhw2-6c3x: A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local at
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1).
Cisco
Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
vendor_cisco·2016-10-26·CVSS 6.6
CVE-2016-6430 [MEDIUM] CWE-264 Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering specific, crafted command input.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161026-ipics2
Cisco
Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
vendor_cisco
CVE-2016-6430 Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
CVE-2016-6430: Cisco IP Interoperability and Collaboration System Command-Line Interface Privilege Escalation Vulnerability
A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering specific, crafted command input. Cisco has released software updates that address this vulnerability. There are no
CWE: CWE-264, CWE-264
Bug IDs: CSCva38636
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-11-03
Published