Описание
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:universal_small_cell_firmware:r2.12_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r2.13_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r2.14_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r2.15_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r2.16_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r2.17_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.2_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.3_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_1.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_2.1:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_2.17:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.4_base:*:*:*:*:*:*:*
cpe:2.3:o:cisco:universal_small_cell_firmware:r3.5_base:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
5.8 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 5.8
github
больше 3 лет назад
Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.
EPSS
Процентиль: 24%
0.00082
Низкий
5.8 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200