CVE-2016-1321

MEDIUM

Cisco Universal Small Cell - Info Disclosure

Title source: llm
STIX 2.1

Description

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035014

Scores

CVSS v3 5.8
EPSS 0.0092
EPSS Percentile 55.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (13)
cisco/universal_small_cell_firmware r2.12_base
cisco/universal_small_cell_firmware r2.13_base
cisco/universal_small_cell_firmware r2.14_base
cisco/universal_small_cell_firmware r2.15_base
cisco/universal_small_cell_firmware r2.16_base
cisco/universal_small_cell_firmware r2.17_base
cisco/universal_small_cell_firmware r3.2_base
cisco/universal_small_cell_firmware r3.3_base
cisco/universal_small_cell_firmware r3.4_1.1
cisco/universal_small_cell_firmware r3.4_2.1
... and 3 more
Published Feb 15, 2016
Tracked Since Feb 18, 2026