Vulnerability Details : CVE-2016-1427
The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.
Vulnerability category: BypassGain privilegeInformation leak
Exploit prediction scoring system (EPSS) score for CVE-2016-1427
Probability of exploitation activity in the next 30 days: 0.24%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 61 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-1427
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-1427
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-1427
-
http://www.securitytracker.com/id/1036128
Cisco Prime Network Registrar SCP Messaging Flaw Lets Remote Users Obtain Potentially Sensitive Information on the Target System - SecurityTracker
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr
Cisco Prime Network Registrar System Configuration Protocol Information Disclosure VulnerabilityVendor Advisory
Products affected by CVE-2016-1427
- cpe:2.3:a:cisco:prime_network_registrar:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:prime_network_registrar:8.2.2:*:*:*:*:*:*:*