Vulnerability: Image-Decryption Key Exposure in Cisco Universal Small Cell Devices

Vulnerability: Image-Decryption Key Exposure in Cisco Universal Small Cell Devices

CVE-2016-1321 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Cisco Universal Small Cell devices with firmware R2.12 through R3.5 contain an image-decryption key in flash memory, which allows remote attackers to bypass a certain certificate-validation feature and obtain sensitive firmware-image and IP address data via a request to an unspecified Cisco server, aka Bug ID CSCut98082.

Learn more about our Cis Benchmark Audit For Server Software.