CVE-2016-1321

Published Feb 15, 2016

Last updated 8 years ago

CVSS medium 5.8

Overview

Description: Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.8
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r2.12_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FB4F900-ADD6-4BB9-B9E8-1CBBF2FA30B3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r2.13_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DF7151A-FF5B-48BE-8989-1B489C26B6F9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r2.14_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE9110A0-6A74-4B7D-9C17-5BC57496218B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r2.15_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE1D0D9A-58D9-417B-B43D-DA554B78E355"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r2.16_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9D0987A2-C09D-43AD-A963-C949673DDDC2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r2.17_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D8A7623-A7C9-4816-99AE-37436AA407BA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.2_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "27B82D74-D53A-4F7F-B394-BA50ED87245B"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.3_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF8A9173-C095-4271-BB9B-852B042A308A"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7E111F3-1991-4299-8064-2820E44363B3"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6321E696-4E00-4EB4-B458-4FF26C81E052"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_2.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F788F403-0723-4D27-9C2E-F96DAB1052EE"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA8FB794-EE86-4A93-939B-17585D5967A7"
          },
          {
            "criteria": "cpe:2.3:o:cisco:universal_small_cell_firmware:r3.5_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D348FC4-6B3D-45F1-8C6F-81AC6CE551E4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References