CVE-2016-1360
Published Mar 12, 2016
Last updated 8 years ago
Overview
- Description
- Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 5.2
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 3
- Impact score
- 4.9
- Exploitability score
- 2.7
- Vector string
- AV:L/AC:M/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.1_base:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C5E36F5-4AA3-4771-ADDC-B266402790C7"
},
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DD8078E-C3EC-4366-B645-2FF8DCF6DA53"
},
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E329DAC-C618-4DB0-88B7-A2867EA083AC"
},
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81AA3169-7E6E-466B-B840-1E0E16AAD718"
},
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "478E7F80-FAD8-4C28-A53C-76F4E389C07D"
},
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "14D3A897-D197-41CA-B825-E27EDA050595"
},
{
"criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2_base:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "534DDB94-8474-4066-9795-627A083B252A"
}
],
"operator": "OR"
}
]
}
]