PT-2016-4694 · Cisco · Cisco Prime Security Manager+1

Publicado

2016-02-07

Atualizado

2016-12-06

CVE-2016-1301

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco ASA-CX Content-Aware Security software versions prior to 9.3.1.1(112) Cisco Prime Security Manager (PRSM) software versions prior to 9.3.1.1(112)

Description The issue in the Role-Based Access Control (RBAC) implementation allows remote authenticated users to change arbitrary passwords by sending a crafted HTTP request.

Recommendations For Cisco ASA-CX Content-Aware Security software versions prior to 9.3.1.1(112), update to version 9.3.1.1(112) or later. For Cisco Prime Security Manager (PRSM) software versions prior to 9.3.1.1(112), update to version 9.3.1.1(112) or later.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2016-1301

Produtos afetados

Cisco Asa-Cx Content-Aware Security

Cisco Prime Security Manager

PT-2016-4694 · Cisco · Cisco Prime Security Manager+1

CVE-2016-1301

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5