Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105616
Category:CISCO
Title:Cisco Prime Infrastructure Privilege Escalation API Vulnerability
Summary:A vulnerability in the web application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to gain elevated privileges.
Description:Summary:
A vulnerability in the web application programming interface (API) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to gain elevated privileges.

Vulnerability Insight:
The vulnerability is due to improper role-based access control (RBAC) when an unexpected HTTP URL request is received that does not match an expected pattern filter.

Vulnerability Impact:
n attacker could exploit this vulnerability by sending a crafted HTTP request with a modified URL to bypass RBAC settings. An exploit could allow the attacker to gain elevated privileges for the application and gain unauthorized access to data.

Affected Software/OS:
Cisco Prime Infrastructure prior to 2.2.3 Update 3/3.0.3

Solution:
Update to Cisco Prime Infrastructure 3.0.3 or newer

CVSS Score:
5.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-1290
Cisco Security Advisory: 20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
http://www.securitytracker.com/id/1035498
CopyrightCopyright (C) 2016 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.