Description
Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035313
Scores
CVSS v3
7.1
EPSS
0.0031
EPSS Percentile
22.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-200
Status
published
Products (7)
cisco/prime_lan_management_solution
4.1_base
cisco/prime_lan_management_solution
4.2.1
cisco/prime_lan_management_solution
4.2.2
cisco/prime_lan_management_solution
4.2.3
cisco/prime_lan_management_solution
4.2.4
cisco/prime_lan_management_solution
4.2.5
cisco/prime_lan_management_solution
4.2_base
Published
Mar 12, 2016
Tracked Since
Feb 18, 2026