Description
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
References (2)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035498
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
Scores
CVSS v3
8.1
EPSS
0.0016
EPSS Percentile
37.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-264
Status
published
Products (14)
cisco/evolved_programmable_network_manager 1.2.0
cisco/prime_infrastructure 1.2
cisco/prime_infrastructure 1.2.0.103
cisco/prime_infrastructure 1.2.1
cisco/prime_infrastructure 1.3
cisco/prime_infrastructure 1.3.0.20
cisco/prime_infrastructure 1.4
cisco/prime_infrastructure 1.4.0.45
cisco/prime_infrastructure 1.4.1
cisco/prime_infrastructure 1.4.2
... and 4 more
Published
Apr 06, 2016
Tracked Since
Feb 18, 2026