CVE-2016-10700

{"id": "CVE-2016-10700", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-24T05:29:00.190", "references": [{"url": "http://bugs.cacti.net/view.php?id=2697", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.cacti.net/release_notes_1_0_0.php", "tags": ["Issue Tracking", "Release Notes", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313."}, {"lang": "es", "value": "auth_login.php en versiones anteriores a la 1.0.0 de Cacti permite que usuarios autenticados remotos que emplean la autenticaci\u00f3n web omitan las restricciones de acceso planeadas iniciando sesi\u00f3n como usuario que no est\u00e1 en la base de datos de Cacti, ya que el usuario invitado no est\u00e1 considerado. NOTA: Esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2016-2313."}], "lastModified": "2017-12-11T19:35:45.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FE55913-88BA-4A5F-91D0-B7EC37EAC334", "versionEndExcluding": "1.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}