Details of VAR-201602-0059

ID

VAR-201602-0059

CVE

CVE-2016-1321

TITLE

Cisco Universal Small Cell Vulnerability bypassing certain certificate validation functions in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2016-001499

DESCRIPTION

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082. Cisco Universal Small Cell (USC) is an end-to-end platform of Cisco, which integrates 3G, LTE and wireless networks. The platform provides features such as a suitable network access point and high-performance mobile voice coverage for any environment. A security vulnerability exists in Cisco USC devices using firmware versions R2.12 through R3.5 due to the inclusion of image-decryption keys in flash memory

Trust: 1.71

sources: NVD: CVE-2016-1321 // JVNDB: JVNDB-2016-001499 // VULHUB: VHN-90140

AFFECTED PRODUCTS

vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.4_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r2.12_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.4_2.17	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.4_2.1	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.3_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.5_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.2_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r2.17_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r2.16_base	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r3.4_1.1	Trust: 1.6
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r2.15_base	Trust: 1.0
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r2.13_base	Trust: 1.0
vendor:	cisco	model:	universal small cell	scope:	eq	version:	r2.14_base	Trust: 1.0
vendor:	cisco	model:	universal small cell series	scope:	eq	version:	r2.12 to r3.5	Trust: 0.8

sources: JVNDB: JVNDB-2016-001499 // CNNVD: CNNVD-201602-293 // NVD: CVE-2016-1321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1321
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2016-1321
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201602-293
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-90140
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1321
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90140
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1321
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90140 // JVNDB: JVNDB-2016-001499 // CNNVD: CNNVD-201602-293 // NVD: CVE-2016-1321

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90140 // JVNDB: JVNDB-2016-001499 // NVD: CVE-2016-1321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201602-293

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201602-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001499

PATCH

title:

cisco-sa-20160212-usc

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc

Trust: 0.8

sources: JVNDB: JVNDB-2016-001499

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1321	Trust: 2.5
db:	SECTRACK	id:	1035014	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001499	Trust: 0.8
db:	CNNVD	id:	CNNVD-201602-293	Trust: 0.7
db:	NSFOCUS	id:	32461	Trust: 0.6
db:	VULHUB	id:	VHN-90140	Trust: 0.1

sources: VULHUB: VHN-90140 // JVNDB: JVNDB-2016-001499 // CNNVD: CNNVD-201602-293 // NVD: CVE-2016-1321

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160212-usc	Trust: 1.7
url:	http://www.securitytracker.com/id/1035014	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1321	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1321	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/32461	Trust: 0.6

sources: VULHUB: VHN-90140 // JVNDB: JVNDB-2016-001499 // CNNVD: CNNVD-201602-293 // NVD: CVE-2016-1321

SOURCES

db:	VULHUB	id:	VHN-90140
db:	JVNDB	id:	JVNDB-2016-001499
db:	CNNVD	id:	CNNVD-201602-293
db:	NVD	id:	CVE-2016-1321

LAST UPDATE DATE

2025-04-13T23:25:10.803000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90140	date:	2016-12-06T00:00:00
db:	JVNDB	id:	JVNDB-2016-001499	date:	2016-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201602-293	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-1321	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90140	date:	2016-02-15T00:00:00
db:	JVNDB	id:	JVNDB-2016-001499	date:	2016-02-25T00:00:00
db:	CNNVD	id:	CNNVD-201602-293	date:	2016-02-16T00:00:00
db:	NVD	id:	CVE-2016-1321	date:	2016-02-15T23:59:02.083