CVE-2016-1406
HIGHCisco Prime Infrastructure <3.1 - Cisco Evolved Programmable Networ...
Title source: llmDescription
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1035948
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160523-pi-epnm
Scores
CVSS v3
8.8
EPSS
0.0162
EPSS Percentile
73.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-284
Status
published
Products (18)
cisco/evolved_programmable_network_manager
1.2.0
cisco/evolved_programmable_network_manager
1.2.1.3
cisco/evolved_programmable_network_manager
1.2.200
cisco/evolved_programmable_network_manager
1.2.300
cisco/prime_infrastructure
1.2
cisco/prime_infrastructure
1.2.0.103
cisco/prime_infrastructure
1.2.1
cisco/prime_infrastructure
1.3
cisco/prime_infrastructure
1.3.0.20
cisco/prime_infrastructure
1.4
... and 8 more
Published
May 25, 2016
Tracked Since
Feb 18, 2026