What is CVE-2016-1360?

CVE-2016-1360 is a high-severity vulnerability in Cisco Prime_lan_management_solution, classified under Information Disclosure. CVSS score: 7.1/10. Published 2016-03-12.

How severe is CVE-2016-1360?

High severity. CVSS v3 base score is 7.1 out of 10.

Information disclosure in Cisco Prime_lan_management_solution

CVE-2016-1360

Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers' installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw…

Vulnerability class: Information Disclosure

EPSS: 0.001 (18.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Cisco Prime_lan_management_solution — versions 4.1_base, 4.2.1, 4.2.2
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20160310 Cisco Prime LAN Management Solution Default Decryption Key Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1035313 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2016-1360?: CVE-2016-1360 is a high-severity vulnerability in Cisco Prime_lan_management_solution, classified under Information Disclosure. CVSS score: 7.1/10. Published 2016-03-12.
How severe is CVE-2016-1360?: High severity. CVSS v3 base score is 7.1 out of 10.