Vulnerability Name: | CVE-2018-0096 (CCN-137730) | ||||||||||||
Assigned: | 2017-11-27 | ||||||||||||
Published: | 2018-01-17 | ||||||||||||
Updated: | 2019-10-09 | ||||||||||||
Summary: | A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875. | ||||||||||||
CVSS v3 Severity: | 5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N) 5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-863 | ||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2018-0096 Source: BID Type: Third Party Advisory, VDB Entry 102727 Source: CCN Type: BID-102727 Cisco Prime Infrastructure CVE-2018-0096 Privilege Escalation Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040242 Source: XF Type: UNKNOWN cisco-cpi-cve20180096-priv-esc(137730) Source: CCN Type: Cisco Security Advisory cisco-sa-20180117-cpi Cisco Prime Infrastructure Privilege Escalation Vulnerability Source: CONFIRM Type: Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi | ||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
BACK |