CVE-2016-1321

Published: Feb 15, 2016Modified: May 6, 2026

5.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.

Affected (13)

Products: Cisco: Universal Small Cell Firmware

Cisco

1 product

Universal Small Cell Firmware

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Cisco Universal Small Cell Firmware	Version r2.12_base
Cisco Universal Small Cell Firmware	Version r2.13_base
Cisco Universal Small Cell Firmware	Version r2.14_base
Cisco Universal Small Cell Firmware	Version r2.15_base
Cisco Universal Small Cell Firmware	Version r2.16_base
Cisco Universal Small Cell Firmware	Version r2.17_base
Cisco Universal Small Cell Firmware	Version r3.2_base
Cisco Universal Small Cell Firmware	Version r3.3_base
Cisco Universal Small Cell Firmware	Version r3.4_1.1
Cisco Universal Small Cell Firmware	Version r3.4_2.17
Cisco Universal Small Cell Firmware	Version r3.4_2.1
Cisco Universal Small Cell Firmware	Version r3.4_base
Cisco Universal Small Cell Firmware	Version r3.5_base

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1035014

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035014

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.