Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-0096

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875.

Published

2018-01-18T06:29:00.817

Last Modified

2024-11-21T03:37:30.763

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

6.8

Impact Score

4.9

Weaknesses
  • Type: Secondary
    CWE-264
  • Type: Primary
    CWE-863
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco prime_infrastructure 3.2\(0.0\) Yes
Application cisco prime_infrastructure 3.3\(0.0\) Yes
References