CVE-2016-1301

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
Severity: HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Vendor  Product                                 Version
cisco   prime_security_manager                  9.0.0
cisco   prime_security_manager                  9.0.1-40
cisco   prime_security_manager                  9.0.2-68
cisco   prime_security_manager                  9.1.0
cisco   prime_security_manager                  9.1.2-29
cisco   prime_security_manager                  9.1.2-42
cisco   prime_security_manager                  9.1.3-8
cisco   prime_security_manager                  9.1.3-10
cisco   prime_security_manager                  9.1.3-13
cisco   prime_security_manager                  9.2.0
cisco   prime_security_manager                  9.2.1-1
cisco   prime_security_manager                  9.2.1-2
cisco   asa_cx_context-aware_security_software  9.0.1
cisco   asa_cx_context-aware_security_software  9.0.1-40
cisco   asa_cx_context-aware_security_software  9.0.2
cisco   asa_cx_context-aware_security_software  9.0.2-68
cisco   asa_cx_context-aware_security_software  9.0_base
cisco   asa_cx_context-aware_security_software  9.1.2-29
cisco   asa_cx_context-aware_security_software  9.1.2-42
cisco   asa_cx_context-aware_security_software  9.1.3-8
cisco   asa_cx_context-aware_security_software  9.1.3-10
cisco   asa_cx_context-aware_security_software  9.1.3-13
cisco   asa_cx_context-aware_security_software  9.2.1-1
cisco   asa_cx_context-aware_security_software  9.2.1-2
cisco   asa_cx_context-aware_security_software  9.2.1-3
cisco   asa_cx_context-aware_security_software  9.2.1-4
𝑥 = Vulnerable software versions