PT-2016-2114 · Cisco · Cisco Evolved Programmable Network Manager +1

Published: 2016-05-25 · Updated: 2019-07-29 · CVE-2016-1406

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Prime Infrastructure versions prior to 3.1
Cisco Evolved Programmable Network Manager versions prior to 1.2.4

Description

The issue is related to a lack of proper access control in the API web interface, allowing remote authenticated users to bypass intended Role-Based Access Control (RBAC) restrictions. This can be achieved by sending crafted JSON data, potentially leading to the disclosure of sensitive information and privilege escalation.

Recommendations

For Cisco Prime Infrastructure versions prior to 3.1, update to version 3.1 or later.
For Cisco Evolved Programmable Network Manager versions prior to 1.2.4, update to version 1.2.4 or later.
As a temporary workaround, consider restricting access to the API web interface until a patch is available.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2016-01467
CVE-2016-1406

Affected Products

Cisco Evolved Programmable Network Manager
Cisco Prime Infrastructure