Information Disclosure in Cisco Prime Network Registrar
CVE-2016-1427

7.5HIGH

Key Information:

Vendor: Cisco
Status: Prime Network Registrar
Vendor: CVE Published:; 18 June 2016

What is CVE-2016-1427?

The System Configuration Protocol (SCP) messaging interface in Cisco Prime Network Registrar versions prior to 8.2.3.1 and 8.3.2 is susceptible to a vulnerability that permits remote attackers to gain unauthorized access to sensitive information. This enables potential exploitation by sending specially crafted SCP messages, leading to an exposure of critical system data, ultimately impacting the security posture of affected systems. Users are advised to upgrade to the latest versions to mitigate these risks.

References

http://www.securitytracker.com/id/1036128

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2016
Vulnerability Reserved
Jan 4, 2016