CVE-2016-1360

Published Mar 12, 2016

Last updated a month ago

CVSS high 7.1

Overview

Description: Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.1
Impact score: 5.2
Exploitability score: 1.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 3
Impact score: 4.9
Exploitability score: 2.7
Vector string: AV:L/AC:M/Au:S/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.1_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C5E36F5-4AA3-4771-ADDC-B266402790C7"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DD8078E-C3EC-4366-B645-2FF8DCF6DA53"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E329DAC-C618-4DB0-88B7-A2867EA083AC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81AA3169-7E6E-466B-B840-1E0E16AAD718"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "478E7F80-FAD8-4C28-A53C-76F4E389C07D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14D3A897-D197-41CA-B825-E27EDA050595"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_lan_management_solution:4.2_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "534DDB94-8474-4066-9795-627A083B252A"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References