CVE-2015-0768

The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
ciscoprime_network_control_system
2.1\(0.0.85\)
ciscoprime_network_control_system
2.2\(0.0.58\)
ciscoprime_network_control_system
2.2\(0.0.69\)
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=39192
http://www.securitytracker.com/id/1032541
http://tools.cisco.com/security/center/viewAlert.x?alertId=39192
http://www.securitytracker.com/id/1032541