CVE-2016-1360

HIGH

Cisco Prime LMS <4.2.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1035313

Scores

CVSS v3 7.1
EPSS 0.0031
EPSS Percentile 22.3%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE
CWE-200
Status published
Products (7)
cisco/prime_lan_management_solution 4.1_base
cisco/prime_lan_management_solution 4.2.1
cisco/prime_lan_management_solution 4.2.2
cisco/prime_lan_management_solution 4.2.3
cisco/prime_lan_management_solution 4.2.4
cisco/prime_lan_management_solution 4.2.5
cisco/prime_lan_management_solution 4.2_base
Published Mar 12, 2016
Tracked Since Feb 18, 2026