CVE Vulnerabilities

CVE-2016-1290

Published: Apr 06, 2016 | Modified: Jul 29, 2019
CVSS 3.x
8.1
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.

Affected Software

Name Vendor Start Version End Version
Evolved_programmable_network_manager Cisco 1.2.0 (including) 1.2.0 (including)
Prime_infrastructure Cisco 1.2 (including) 1.2 (including)
Prime_infrastructure Cisco 1.2.0.103 (including) 1.2.0.103 (including)
Prime_infrastructure Cisco 1.2.1 (including) 1.2.1 (including)
Prime_infrastructure Cisco 1.3 (including) 1.3 (including)
Prime_infrastructure Cisco 1.3.0.20 (including) 1.3.0.20 (including)
Prime_infrastructure Cisco 1.4 (including) 1.4 (including)
Prime_infrastructure Cisco 1.4.0.45 (including) 1.4.0.45 (including)
Prime_infrastructure Cisco 1.4.1 (including) 1.4.1 (including)
Prime_infrastructure Cisco 1.4.2 (including) 1.4.2 (including)
Prime_infrastructure Cisco 2.0 (including) 2.0 (including)
Prime_infrastructure Cisco 2.1.0 (including) 2.1.0 (including)
Prime_infrastructure Cisco 2.2 (including) 2.2 (including)
Opensolaris Sun snv_124 (including) snv_124 (including)

References