CVE-2016-9151

{"id": "CVE-2016-9151", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-11-19T06:59:03.403", "references": [{"url": "http://www.securityfocus.com/bid/94400", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1037381", "tags": ["VDB Entry", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.paloaltonetworks.com/CVE-2016-9151", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/40788/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/40789/", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables."}, {"lang": "es", "value": "Palo Alto Networks PAN-OS en versiones anteriores a 5.0.20, 5.1.x en versiones anteriores a 5.1.13, 6.0.x en versiones anteriores a 6.0.15, 6.1.x en versiones anteriores a 6.1.15, 7.0.x en versiones anteriores a 7.0.11 y 7.1.x en versiones anteriores a 7.1.6 permite a los usuarios locales obtener privilegios a trav\u00e9s de variables de entorno no especificadas."}], "lastModified": "2020-02-17T16:15:19.240", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA435F50-25DB-4C2D-AC59-D6806A20021D", "versionEndExcluding": "5.0.20", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9284F649-27F3-4850-B47C-A12497D6FAAD", "versionEndExcluding": "5.1.13", "versionStartIncluding": "5.1"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF72CDDC-47AE-46C1-A58F-1081E0FB5CD3", "versionEndExcluding": "6.0.15", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2921240-6A10-431E-AB3D-045F8025D409", "versionEndExcluding": "6.1.15", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75574CF8-4112-4938-A116-0BF4E8683A90", "versionEndExcluding": "7.0.11", "versionStartIncluding": "7.0.0"}, {"criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B152CB8-FC17-4122-8964-DBBDBD92C4B3", "versionEndExcluding": "7.1.6", "versionStartIncluding": "7.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}