CVE-2016-1290

EUVD-2016-2389
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
ciscoevolved_programmable_network_manager
1.2.0
ciscoprime_infrastructure
1.2
ciscoprime_infrastructure
1.2.0.103
ciscoprime_infrastructure
1.2.1
ciscoprime_infrastructure
1.3
ciscoprime_infrastructure
1.3.0.20
ciscoprime_infrastructure
1.4
ciscoprime_infrastructure
1.4.0.45
ciscoprime_infrastructure
1.4.1
ciscoprime_infrastructure
1.4.2
ciscoprime_infrastructure
2.0
ciscoprime_infrastructure
2.1.0
ciscoprime_infrastructure
2.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
http://www.securitytracker.com/id/1035498
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-privauth
http://www.securitytracker.com/id/1035498