CVE-2016-1290

CWE-2644 documents4 sources

Severity

8.1HIGH

EPSS

0.2%

top 62.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure SUN Opensolaris

Timeline

PublishedApr 6

Latest updateMay 14

Description

The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

▶NVDcisco/evolved_programmable_network_manager1.2.0

▶NVDcisco/prime_infrastructure12 versions+11

▶NVDsun/opensolarissnv_124

🔴Vulnerability Details

GHSA

GHSA-625w-q59j-3hjc: The web API in Cisco Prime Infrastructure 1↗2022-05-14

▶

CVEList

CVE-2016-1290: The web API in Cisco Prime Infrastructure 1↗2016-04-06

▶

📋Vendor Advisories

Cisco

Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability↗2016-04-06

▶