CVE-2016-1360
Summary
| CVE | CVE-2016-1360 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-03-12 02:59:00 UTC |
| Updated | 2016-12-03 03:20:00 UTC |
| Description | Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Prime Lan Management Solution | 4.1_base | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.1 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.2 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.3 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.4 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.5 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2_base | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.1_base | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.1 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.2 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.3 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.4 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2.5 | All | All | All |
| Application | Cisco | Prime Lan Management Solution | 4.2_base | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Prime LAN Management Solution Default Decryption Key Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Cisco Prime LAN Management Solution Flaw Lets Local Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.