Search...

CVE-2016-1325

2016-03-09T20:59:00

ID CVE-2016-1325
Type cve
Reporter cve@mitre.org
Modified 2016-12-03T03:20:00

Description

The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.

JSON Vulners Source

Initial Source

{"id": "CVE-2016-1325", "bulletinFamily": "NVD", "title": "CVE-2016-1325", "description": "The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506.", "published": "2016-03-09T20:59:00", "modified": "2016-12-03T03:20:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1325", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/84278", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid", "http://www.securitytracker.com/id/1035232"], "cvelist": ["CVE-2016-1325"], "type": "cve", "lastseen": "2020-10-03T12:10:41", "edition": 3, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cisco", "idList": ["CISCO-SA-20160309-RGID"]}], "modified": "2020-10-03T12:10:41", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2020-10-03T12:10:41", "rev": 2}, "vulnersScore": 6.5}, "cpe": ["cpe:/o:cisco:dpc3939_wireless_residential_voice_gateway_firmware:130514acmcst_base"], "affectedSoftware": [{"cpeName": "cisco:dpc3939_wireless_residential_voice_gateway_firmware", "name": "cisco dpc3939 wireless residential voice gateway firmware", "operator": "eq", "version": "130514acmcst_base"}, {"cpeName": "cisco:dpc3939_wireless_residential_voice_gateway_firmware", "name": "cisco dpc3939 wireless residential voice gateway firmware", "operator": "eq", "version": "130514acmcst_base"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH"}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:cisco:dpc3939_wireless_residential_voice_gateway_firmware:130514acmcst_base:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "scheme": null, "affectedConfiguration": [{"cpeName": "cisco:dpc3939_wireless_residential_voice_gateway", "name": "cisco dpc3939 wireless residential voice gateway", "operator": "eq", "version": "-"}, {"cpeName": "cisco:dpc3941_wireless_residential_voice_gateway", "name": "cisco dpc3941 wireless residential voice gateway", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:dpc3939_wireless_residential_voice_gateway_firmware:130514acmcst_base:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:dpc3939_wireless_residential_voice_gateway:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:dpc3939_wireless_residential_voice_gateway_firmware:130514acmcst_base:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:dpc3941_wireless_residential_voice_gateway:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}}

{"cisco": [{"lastseen": "2020-12-24T11:41:24", "bulletinFamily": "software", "cvelist": ["CVE-2016-1325"], "description": "A vulnerability in the web-based administration interface of the Cisco Wireless Residential Gateway could allow an unauthenticated, remote attacker to access sensitive information on the affected device. \n\nThe vulnerability is caused by improper access restrictions implemented on the affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.\n\nCisco has released software updates to its service\nprovider customers that address the vulnerability described in this\nadvisory. Prior to contacting Cisco TAC, customers are advised to\ncontact their service providers to confirm the software deployed by the\nservice provider includes the fix that addresses this vulnerability. Workarounds that mitigate this vulnerability are not available.\n\nThis advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid\"]", "modified": "2016-03-09T14:04:57", "published": "2016-03-09T16:00:00", "id": "CISCO-SA-20160309-RGID", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid", "type": "cisco", "title": "Cisco Wireless Residential Gateway Information Disclosure Vulnerability", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:N"}}]}