CVE-2016-1301

Published Feb 7, 2016

Last updated 8 years ago

CVSS high 8.8

Overview

Description: The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
Source: ykramarz@cisco.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 8.5
Impact score: 10
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-284

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E288E19-D13C-4E66-92C4-832E6151BE03"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0.1-40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2AB78A0-939D-47F4-9F8A-E8D337FB852E"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.0.2-68:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B057253B-3199-490D-8B16-4F6AC3187147"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3B5ADAD-E627-4D08-B50A-A3251BE025AC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "308EBED0-E069-4B8D-BE7B-5FB3940491FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.2-42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "657AC52E-EF40-49D9-A0F9-F9BDA8A67B4D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7FBB326-9011-434D-B142-5C6B1F422442"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D0E148-44D5-4A48-B33B-E5D891AC7F56"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.1.3-13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D123EB5-1B8F-484B-818D-FD221E7531FA"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "955A92B5-5618-4046-888C-76B996F70FE3"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.1-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB3F163F-4C7F-462A-8229-1D98C85B7D59"
          },
          {
            "criteria": "cpe:2.3:a:cisco:prime_security_manager:9.2.1-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEDE8C4C-846A-41FA-998D-58802A3D7F49"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBC9743A-641F-4F0A-97FC-5DF8B0333222"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.1-40:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7F990CF-B6DD-4EE3-B45D-CE4B1110A6DB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A81A0E90-9200-436C-81BC-FA4BF745EEDB"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0.2-68:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13B6FFEA-4F46-4D20-9821-FE32B57F6145"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.0_base:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8068EA1D-6AD6-4BF3-AA1F-C8AD0BC8F298"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-29:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A4AE8C1-9BD1-491A-9835-D95F4D90F496"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.2-42:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0710827-10AD-4DE9-BB0F-B4D072DDC8DA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96F09A7A-9A3D-4D73-912A-2B01CEABEFBA"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AA36AEA-6516-41DD-90D3-0504A4CB5231"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.1.3-13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68C47683-C68B-4B84-80F6-FDFF9156991C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEFA5ADA-E573-447B-AFD9-E37682B57BD9"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1359CC7F-628F-44EB-B36D-FF1210E227B2"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16E7AFAD-3A1D-4244-AA61-85B430E8D51C"
          },
          {
            "criteria": "cpe:2.3:o:cisco:asa_cx_context-aware_security_software:9.2.1-4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC110506-3E7F-4DD9-99D2-6E04F1E65D29"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References