CVE-2016-1290
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
Known Affected Software
14 configuration(s) from 2 vendor(s)
prime_infrastructure
Version:
1.3.0.20
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.3.0.20:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.2.0.103
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.2.0.103:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.3
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.3:*:*:*:*:*:*:*
prime_infrastructure
Version:
2.1.0
CPE:
cpe:2.3:a:cisco:prime_infrastructure:2.1.0:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.2
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.2:*:*:*:*:*:*:*
evolved_programmable_network_manager
Version:
1.2.0
CPE:
cpe:2.3:a:cisco:evolved_programmable_network_manager:1.2.0:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4.2
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4.2:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.2.1
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.2.1:*:*:*:*:*:*:*
prime_infrastructure
Version:
2.0
CPE:
cpe:2.3:a:cisco:prime_infrastructure:2.0:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4.0.45
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4.0.45:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4:*:*:*:*:*:*:*
prime_infrastructure
Version:
2.2
CPE:
cpe:2.3:a:cisco:prime_infrastructure:2.2:*:*:*:*:*:*:*
prime_infrastructure
Version:
1.4.1
CPE:
cpe:2.3:a:cisco:prime_infrastructure:1.4.1:*:*:*:*:*:*:*
opensolaris
Version:
snv_124
CPE:
cpe:2.3:o:sun:opensolaris:snv_124:*:*:*:*:*:*:*
This vulnerability affects 14 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauthpsirt@cisco.com Vendor Advisory
-
http://www.securitytracker.com/id/1035498psirt@cisco.com
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauthaf854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
http://www.securitytracker.com/id/1035498af854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Key Information
- Published Date
- April 06, 2016
