Boot Information Disclosure in Cisco EPC3928 Devices
CVE-2016-1337

8.1HIGH

Key Information:

Vendor

Cisco
Status
Epc3928 Firmware
Vendor
CVE Published:
3 July 2016

What is CVE-2016-1337?

Cisco EPC3928 devices are vulnerable due to a flaw that allows remote attackers to access sensitive configuration settings and credential information during the early boot phase. This exposure can lead to unauthorized access to device management and configuration, facilitating further exploitation of the network. The vulnerability is linked to Bug ID CSCux17178, emphasizing the importance of securing device boot processes to prevent premptive credential disclosure.

References

http://www.securityfocus.com/archive/1/538627/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://www.exploit-db.com/exploits/39904/
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/91541
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2016-1337 : Boot Information Disclosure in Cisco EPC3928 Devices