CVE-2016-1406

Sažetak

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm
http://www.securitytracker.com/id/1035948

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-07-2019 - 17:47

Objavljeno

25-05-2016 - 01:59