Details of VAR-201603-0289

ID

VAR-201603-0289

CVE

CVE-2016-1360

TITLE

Cisco Prime LAN Management Solution Vulnerability in obtaining plaintext data

Trust: 0.8

sources: JVNDB: JVNDB-2016-001819

DESCRIPTION

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. Vendors have confirmed this vulnerability Bug ID CSCuw85390 It is released as.There is a possibility that plain text data can be obtained by using a console connection by a local user. The solution configures, manages, monitors and maintains the network

Trust: 1.71

sources: NVD: CVE-2016-1360 // JVNDB: JVNDB-2016-001819 // VULHUB: VHN-90179

AFFECTED PRODUCTS

vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.2.5	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.2.3	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.2.2	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.2.4	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.2.1	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.2_base	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	eq	version:	4.1_base	Trust: 1.6
vendor:	cisco	model:	prime lan management solution	scope:	lte	version:	4.2.5	Trust: 0.8

sources: JVNDB: JVNDB-2016-001819 // CNNVD: CNNVD-201603-173 // NVD: CVE-2016-1360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1360
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1360
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201603-173
value:	LOW
Trust: 0.6
VULHUB:	VHN-90179
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2016-1360
severity:	LOW
baseScore:	3.0
vectorString:	AV:L/AC:M/AU:S/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90179
severity:	LOW
baseScore:	3.0
vectorString:	AV:L/AC:M/AU:S/C:P/I:P/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	2.7
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1360
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	5.2
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90179 // JVNDB: JVNDB-2016-001819 // CNNVD: CNNVD-201603-173 // NVD: CVE-2016-1360

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-90179 // JVNDB: JVNDB-2016-001819 // NVD: CVE-2016-1360

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201603-173

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201603-173

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001819

PATCH

title:

cisco-sa-20160310-prime-lms

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160310-prime-lms

Trust: 0.8

sources: JVNDB: JVNDB-2016-001819

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1360	Trust: 2.5
db:	SECTRACK	id:	1035313	Trust: 1.1
db:	JVNDB	id:	JVNDB-2016-001819	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-173	Trust: 0.7
db:	BID	id:	84313	Trust: 0.1
db:	VULHUB	id:	VHN-90179	Trust: 0.1

sources: VULHUB: VHN-90179 // JVNDB: JVNDB-2016-001819 // CNNVD: CNNVD-201603-173 // NVD: CVE-2016-1360

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160310-prime-lms	Trust: 1.7
url:	http://www.securitytracker.com/id/1035313	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1360	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1360	Trust: 0.8

sources: VULHUB: VHN-90179 // JVNDB: JVNDB-2016-001819 // CNNVD: CNNVD-201603-173 // NVD: CVE-2016-1360

SOURCES

db:	VULHUB	id:	VHN-90179
db:	JVNDB	id:	JVNDB-2016-001819
db:	CNNVD	id:	CNNVD-201603-173
db:	NVD	id:	CVE-2016-1360

LAST UPDATE DATE

2025-04-13T23:14:21.912000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90179	date:	2016-12-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-001819	date:	2016-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201603-173	date:	2016-03-14T00:00:00
db:	NVD	id:	CVE-2016-1360	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90179	date:	2016-03-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-001819	date:	2016-03-23T00:00:00
db:	CNNVD	id:	CNNVD-201603-173	date:	2016-03-11T00:00:00
db:	NVD	id:	CVE-2016-1360	date:	2016-03-12T02:59:03.910