Sign-up

ID

VAR-201603-0030


CVE

CVE-2016-1325


TITLE

Cisco DPC3939B and DPC3941 Vulnerabilities that can capture important information in the device management interface

Trust: 0.8

sources: JVNDB: JVNDB-2016-001713

DESCRIPTION

The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. Cisco DPC3939B and DPC3941 Device management interfaces contain vulnerabilities that can capture important information. The Cisco DPC3939B and DPC3941 are both wireless voice network management products of Cisco. The web-basedadministration interface is one of the web-based management interfaces

Trust: 2.25

sources: NVD: CVE-2016-1325 // JVNDB: JVNDB-2016-001713 // CNVD: CNVD-2016-01602 // VULHUB: VHN-90144

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-01602

AFFECTED PRODUCTS

vendor:ciscomodel:dpc3939 wireless residential voice gatewayscope:eqversion:130514acmcst_base

Trust: 1.0

vendor:ciscomodel:dpc3939 wireless residential voice gatewayscope:eqversion:(xb3)

Trust: 0.8

vendor:ciscomodel:dpc3941 wireless residential gateway with digital voicescope: - version: -

Trust: 0.8

vendor:ciscomodel:dpc3939bscope: - version: -

Trust: 0.6

vendor:ciscomodel:dpc3941scope: - version: -

Trust: 0.6

vendor:ciscomodel:dpc3941 wireless residential voice gatewayscope:eqversion: -

Trust: 0.6

vendor:ciscomodel:dpc3939 wireless residential voice gatewayscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-01602 // JVNDB: JVNDB-2016-001713 // CNNVD: CNNVD-201603-119 // NVD: CVE-2016-1325

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1325
value: HIGH

Trust: 1.0

NVD: CVE-2016-1325
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-01602
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201603-119
value: HIGH

Trust: 0.6

VULHUB: VHN-90144
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2016-1325
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-01602
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-90144
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1325
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2016-01602 // VULHUB: VHN-90144 // JVNDB: JVNDB-2016-001713 // CNNVD: CNNVD-201603-119 // NVD: CVE-2016-1325

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-90144 // JVNDB: JVNDB-2016-001713 // NVD: CVE-2016-1325

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-119

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201603-119

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-001713

PATCH
title:cisco-sa-20160309-rgidurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160309-rgid
Trust: 0.8
title:Patch for Cisco DPC3939B and DPC3941 Information Disclosure Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/72545
Trust: 0.6
title:Cisco DPC3939B  and DPC3941 Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60479
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2016-01602 // 
            
            
            
            JVNDB: JVNDB-2016-001713 // 
            
            
            
            CNNVD: CNNVD-201603-119

EXTERNAL IDS
db:NVDid:CVE-2016-1325
Trust: 3.1
db:SECTRACKid:1035232
Trust: 1.1
db:BIDid:84278
Trust: 1.1
db:JVNDBid:JVNDB-2016-001713
Trust: 0.8
db:CNNVDid:CNNVD-201603-119
Trust: 0.7
db:CNVDid:CNVD-2016-01602
Trust: 0.6
db:VULHUBid:VHN-90144
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-01602 // 
            
            
            
            VULHUB: VHN-90144 // 
            
            
            
            JVNDB: JVNDB-2016-001713 // 
            
            
            
            CNNVD: CNNVD-201603-119 // 
            
            
            
            NVD: CVE-2016-1325

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160309-rgid
Trust: 2.3
url:http://www.securityfocus.com/bid/84278
Trust: 1.1
url:http://www.securitytracker.com/id/1035232
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1325
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1325
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-01602 // 
            
            
            
            VULHUB: VHN-90144 // 
            
            
            
            JVNDB: JVNDB-2016-001713 // 
            
            
            
            CNNVD: CNNVD-201603-119 // 
            
            
            
            NVD: CVE-2016-1325

SOURCES
db:CNVDid:CNVD-2016-01602
db:VULHUBid:VHN-90144
db:JVNDBid:JVNDB-2016-001713
db:CNNVDid:CNNVD-201603-119
db:NVDid:CVE-2016-1325

LAST UPDATE DATE
2025-04-13T23:39:00.368000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-01602date:2016-03-14T00:00:00
db:VULHUBid:VHN-90144date:2016-12-03T00:00:00
db:JVNDBid:JVNDB-2016-001713date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201603-119date:2016-03-10T00:00:00
db:NVDid:CVE-2016-1325date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-01602date:2016-03-14T00:00:00
db:VULHUBid:VHN-90144date:2016-03-09T00:00:00
db:JVNDBid:JVNDB-2016-001713date:2016-03-15T00:00:00
db:CNNVDid:CNNVD-201603-119date:2016-03-10T00:00:00
db:NVDid:CVE-2016-1325date:2016-03-09T20:59:02.193