CVE-2016-9204

MEDIUM

Cisco Nexus 1000V InterCloud <2.2.1 - SSRF

Title source: llm

Description

A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote attacker to connect to internal services with an internal account. Affected Products: Cisco Nexus 1000V InterCloud is affected. More Information: CSCus99379. Known Affected Releases: 2.2(1).

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94816

[VDB Entry] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-icf

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 48.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-255

Status published

Affected Products (2)

cisco/nexus_1000v_intercloud_firmware

n/a/Cisco Intercloud Fabric (ICF) Director < Cisco Intercloud Fabric (ICF) Director

Timeline

Published Dec 14, 2016

Tracked Since Feb 18, 2026