SecurityTracker.com
Category:   Application (Generic)  >   Cisco Prime Infrastructure
Vendors:   Cisco
Cisco Prime Infrastructure Web API JSON Bug Lets Remote Authenticated Users Gain Elevated Privileges
SecurityTracker Alert ID:  1035948
SecurityTracker URL:  http://securitytracker.com/id/1035948
CVE Reference:   CVE-2016-1406
Date:  May 24 2016
Impact:   Root access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 3.1
Description:   A vulnerability was reported in Cisco Prime Infrastructure. A remote authenticated user can gain elevated privileges.

A remote authenticated user can supply a specially crafted JSON payload in an HTTP request to the target web API to bypass role-based access controls (RBACs) and gain root privileges on the target system.

Cisco Evolved Programmable Network Manager is also affected.

The vendor has assigned bug IDs CSCuy12409 and CSCuy12511 to this vulnerability.

Impact:   A remote authenticated user can gain root privileges on the target system.
Solution:   The vendor has issued a fix (3.1).

The vendor's advisory is available at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm
Cause:   Access control error

Message History:   None.

