CVE-2016-1303

The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs	Vendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:500_series_switch_firmware:1.2.0.92:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:sf500-24::::::::
	cpe:2.3:h:cisco:sf500-24p::::::::
	cpe:2.3:h:cisco:sf500-48::::::::
	cpe:2.3:h:cisco:sf500-48p::::::::
	cpe:2.3:h:cisco:sg500-28::::::::
	cpe:2.3:h:cisco:sg500-28mpp::::::::
	cpe:2.3:h:cisco:sg500-28p::::::::
	cpe:2.3:h:cisco:sg500-52::::::::
	cpe:2.3:h:cisco:sg500-52mp::::::::
	cpe:2.3:h:cisco:sg500-52p::::::::
	cpe:2.3:h:cisco:sg500x-24::::::::
	cpe:2.3:h:cisco:sg500x-24p::::::::
	cpe:2.3:h:cisco:sg500x-48::::::::
	cpe:2.3:h:cisco:sg500x-48p::::::::
	cpe:2.3:h:cisco:sg500xg-8f8t::::::::

History

21 Nov 2024, 02:46

Type	Values Removed	Values Added
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs - Vendor Advisory

Information

Published : 2016-01-30 12:59

Updated : 2025-04-12 10:46

NVD link : CVE-2016-1303

Mitre link : CVE-2016-1303

CVE.ORG link : CVE-2016-1303

JSON object : View

Products Affected

cisco

sg500x-24
500_series_switch_firmware
sf500-24
sg500x-48p
sg500xg-8f8t
sg500-52
sf500-48
sg500-28mpp
sg500-52mp
sg500x-48
sg500x-24p
sg500-28
sg500-52p
sf500-48p
sg500-28p
sf500-24p

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2016-1303", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": true, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-01-30T12:59:01.290", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160128-sbs", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote attackers to cause a denial of service via a crafted HTTP request, aka Bug ID CSCul65330."}, {"lang": "es", "value": "La GUI web en dispositivos Cisco Small Business 500 1.2.0.92 permite a atacantes remotos causar una denegaci\u00f3n de servicio a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocida como Bug ID CSCul65330."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:500_series_switch_firmware:1.2.0.92:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "002EBDD8-54C8-4AAF-BF4A-AA624082B647"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf500-24:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D2ECC9D-B6C6-42B9-82ED-216641C04E5F"}, {"criteria": "cpe:2.3:h:cisco:sf500-24p:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F7FB7696-D7CE-428A-B9DB-91F168D541E2"}, {"criteria": "cpe:2.3:h:cisco:sf500-48:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8951DB6-83C0-476F-A257-8870866CDCE3"}, {"criteria": "cpe:2.3:h:cisco:sf500-48p:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EB07F4E8-D70B-4475-B402-77AB7A0E55E7"}, {"criteria": "cpe:2.3:h:cisco:sg500-28:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "371ED03D-AC1A-41EF-BD95-0FD6E9BACFF4"}, {"criteria": "cpe:2.3:h:cisco:sg500-28mpp:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73FDF244-34DC-448A-B716-896AE74AFBE1"}, {"criteria": "cpe:2.3:h:cisco:sg500-28p:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1E0BA61C-8C87-4E8F-A280-7730493D11B6"}, {"criteria": "cpe:2.3:h:cisco:sg500-52:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE1D9990-C936-4D77-964F-E5149CB49940"}, {"criteria": "cpe:2.3:h:cisco:sg500-52mp:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2396CE32-6E90-4F1F-AAE2-FADC09EE4699"}, {"criteria": "cpe:2.3:h:cisco:sg500-52p:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "32C43BA7-A9F6-4841-8660-C3A1F671C6A0"}, {"criteria": "cpe:2.3:h:cisco:sg500x-24:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "83F6D338-DF58-4389-B7A0-C63411BD437B"}, {"criteria": "cpe:2.3:h:cisco:sg500x-24p:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2778C8FF-CDE8-46AE-A43F-28267A381D91"}, {"criteria": "cpe:2.3:h:cisco:sg500x-48:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2828F297-55B1-472B-9405-79C4A142C54D"}, {"criteria": "cpe:2.3:h:cisco:sg500x-48p:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "65774D5F-6443-475C-95C5-8CE338D7FE4E"}, {"criteria": "cpe:2.3:h:cisco:sg500xg-8f8t:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4D256913-1A29-47F6-A012-D5371F109366"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2016-1303

7.5^/10

7.8^/10

Attach tags to `CVE-2016-1303`