CVE-2016-1290

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
ciscoevolved_programmable_network_manager
1.2.0
ciscoprime_infrastructure
1.2
ciscoprime_infrastructure
1.2.0.103
ciscoprime_infrastructure
1.2.1
ciscoprime_infrastructure
1.3
ciscoprime_infrastructure
1.3.0.20
ciscoprime_infrastructure
1.4
ciscoprime_infrastructure
1.4.0.45
ciscoprime_infrastructure
1.4.1
ciscoprime_infrastructure
1.4.2
ciscoprime_infrastructure
2.0
ciscoprime_infrastructure
2.1.0
ciscoprime_infrastructure
2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
http://www.securitytracker.com/id/1035498
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
http://www.securitytracker.com/id/1035498