CVE-2016-6452
Published Nov 3, 2016
Last updated 8 years ago
Overview
- Description
- A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full administrator privileges. Cisco Prime Home versions 5.1.1.6 and earlier and 5.2.2.2 and earlier have been confirmed to be vulnerable. Cisco Prime Home versions 6.0 and later are not vulnerable. More Information: CSCvb71732. Known Affected Releases: 5.0 5.0(1) 5.0(1.1) 5.0(1.2) 5.0(2) 5.15.1(0) 5.1(1) 5.1(1.3) 5.1(1.4) 5.1(1.5) 5.1(1.6) 5.1(2) 5.1(2.1) 5.1(2.3) 5.25.2(0.1) 5.2(1.0) 5.2(1.2) 5.2(2.0) 5.2(2.1) 5.2(2.2).
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-287
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:prime_home:5.0_base:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "908F4C99-2865-4D03-8294-C593FEDF22D5"
},
{
"criteria": "cpe:2.3:a:cisco:prime_home:5.1_base:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82D8BB07-2349-44EC-B47C-202EC2EF6B79"
},
{
"criteria": "cpe:2.3:a:cisco:prime_home:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "727AED04-25AB-4C29-B904-DBACE487A8E5"
}
],
"operator": "OR"
}
]
}
]