CVE-2016-1297
Published Feb 26, 2016
Last updated 8 years ago
Overview
- Description
- The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-78
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.0\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B30ACF96-F3BB-48C6-8CC8-06305F04D137"
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.1\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AB819FC-9181-4625-8679-FC413FEEB771"
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(1.2\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16C9EBEB-23D0-4894-9CE8-2B09BADDDFCF"
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.0\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9B5BB899-2DC6-4EA2-897A-3293EA06DB58"
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.1\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF2542D0-E96D-40AA-9352-CABC35FAE18E"
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(2.1e\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "227DD48F-F442-43B5-A417-D9DC7D461253"
},
{
"criteria": "cpe:2.3:a:cisco:application_control_engine_software:a5\\(3.0\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "147FC771-0066-41A9-B750-31FD0DB20D63"
}
],
"operator": "OR"
}
]
}
]