CVE-2016-1321

MEDIUM

Cisco Universal Small Cell - Info Disclosure

Title source: llm

Description

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1035014

Scores

CVSS v3 5.8

EPSS 0.0008

EPSS Percentile 23.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (13)

cisco/universal_small_cell_firmware

Timeline

Published Feb 15, 2016

Tracked Since Feb 18, 2026