
Tim Wörner

Researcher at usd AG
#47021 of 53,635
5.4 CVSS total
Vulnerabilities · 1
PT-2025-9505
5.4
2025-03-03
Cubro · Cubro Exa48200 · CVE-2024-55570
**Name of the Vulnerable Software and Affected Versions**

Cubro EXA48200 network packet broker versions prior to V5.0R14.5P4-V3.3R1

**Description**

The issue concerns incorrect access control in the Cubro EXA48200 network packet broker. It allows remote authenticated users to increase their privileges by sending a single HTTP PUT request to the "/api/user/users" endpoint in the web GUI with the `rolename` set to `Administrator`.

**Recommendations**

For versions prior to V5.0R14.5P4-V3.3R1, update to V5.0R14.5P4-V3.3R1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/api/user/users" endpoint to prevent unauthorized privilege escalation.