{"schema_version":"public-product-v1.1","generated_at":"2026-06-10T08:44:10Z","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","advisory":{"id":"cisco-sa-20160616-pnr","slug":"cisco-sa-20160616-pnr","vendor":"Cisco","title":"Cisco Prime Network Registrar System Configuration Protocol Information Disclosure Vulnerability","summary":"A vulnerability in the System Configuration Protocol (SCP) core messaging interface of the Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to lack of proper authentication controls for SCP messages. An attacker could exploit this vulnerability by sending specific SCP protocol messages to the targeted application. An exploit could allow the attacker to learn sensitive information about the application. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr","severity":"Medium","published_at":"2016-06-17T04:15:00Z","updated_at":"2016-06-17T04:15:00Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr","csaf_url":"https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/cisco-sa-20160616-pnr/csaf/cisco-sa-20160616-pnr.json","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure."},"freshness":{"last_source_refreshed_at":"2026-05-26T00:00:03Z","latest_source_refresh_at":"2026-05-26T00:00:03Z","oldest_source_refresh_at":"2026-05-22T00:16:33Z","all_sources_fresh":false,"sources":[{"source":"cisco_advisories","label":"Cisco advisories","last_success_at":"2026-05-26T00:00:03Z","stale":true},{"source":"cisco_csaf","label":"Cisco CSAF","last_success_at":"2026-05-25T03:03:26Z","stale":true},{"source":"nvd_cves","label":"NVD CVEs","last_success_at":"2026-05-22T00:16:33Z","stale":true},{"source":"cisa_kev","label":"CISA KEV","last_success_at":"2026-05-22T00:16:34Z","stale":true},{"source":"first_epss","label":"EPSS","last_success_at":"2026-05-22T00:16:40Z","stale":true}]},"summary":{"cve_count":1,"visible_product_count":1,"public_evidence_count":1,"kev_count":0,"highest_epss":0.00305,"highest_cvss":7.5},"cves":[{"id":"CVE-2016-1427","description":"The System Configuration Protocol (SCP) core messaging interface in Cisco Prime Network Registrar 8.2 before 8.2.3.1 and 8.3 before 8.3.2 allows remote attackers to obtain sensitive information via crafted SCP messages, aka Bug ID CSCuv35694.","severity":"HIGH","kev":false,"epss":{"score":0.00305,"percentile":0.53834,"score_date":"2026-05-21","updated_at":"2026-05-22T00:16:38Z"},"cvss_score":7.5,"cvss_source":"NVD","cwe":"CWE-200","published_at":"2016-06-18T01:59:00Z","modified_at":"2026-05-06T22:30:45Z"}],"public_evidence":[{"product":{"name":"Cisco Prime Network Registrar","slug":"cisco-prime-network-registrar","vendor":"Cisco"},"cve":{"id":"CVE-2016-1427"},"evidence_type":"structured_affected","evidence_label":{"scope":"CSAF product evidence","label":"product_status known affected"},"evidence_source":"Cisco CSAF","source":"Cisco CSAF","source_document_fetched_at":"2026-05-19T19:58:33Z","csaf_status":"known_affected","csaf_product_status":"known_affected","csaf_product_status_path":"vulnerabilities[].product_status.known_affected","raw_product_name":"Cisco Prime Network Registrar","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","exposure_verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","kev":false,"epss":{"score":0.00305,"score_date":"2026-05-21","updated_at":"2026-05-22T00:16:38Z"},"cvss_score":7.5,"cvss_source":"NVD","published_at":"2016-06-17T04:15:00Z","updated_at":"2016-06-17T04:15:00Z","advisory_updated_at":"2016-06-17T04:15:00Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160616-pnr","row_display_order":1}]}