RBAC Bypass and Privilege Escalation via Crafted JSON Data in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (Bug ID CSCuy12409)

RBAC Bypass and Privilege Escalation via Crafted JSON Data in Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (Bug ID CSCuy12409)

CVE-2016-1406 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.

Learn more about our Cis Benchmark Audit For Cisco.