Cisco Universal Small Cell Devices Unauthorized Firmware Retrieval Vulnerability

A vulnerability in Cisco Universal Small Cell devices could allow an unauthenticated, remote attacker to retrieve firmware from a Cisco-hosted binary server.

The vulnerability is due to insufficient enforcement of the two-way certificate validation process by the Cisco-hosted binary server to ensure that only Cisco Universal Small Cell devices are able to download the firmware images and service provider configuration hints file.

The hints file contains IP addresses of the device’s provisioned service provider Cisco Universal Small Cell RAN Management System. The binary images retrieved from the image distribution service could be decrypted by an attacker who has previously retrieved a valid key from the flash of a Cisco Universal Small Cell device.

Workarounds that address this vulnerability are not available.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160212-usc”]