PT-2016-4690 · Cisco · Cisco Application Control Engine (ACE) 4710

Published: 2016-02-26 · Updated: 2016-12-06 · CVE-2016-1297

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Cisco Application Control Engine (ACE) 4710 A5 versions prior to A5(3.1)

Description: The issue allows remote authenticated users to bypass intended Role-Based Access Control (RBAC) restrictions. This is achieved by executing arbitrary Command-Line Interface (CLI) commands with admin privileges via an unspecified parameter in a POST request to the Device Manager GUI.

Recommendations: For versions prior to A5(3.1), update to version A5(3.1) or later to resolve the issue. As a temporary workaround, consider restricting access to the Device Manager GUI to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2016-1297

Affected Products

Cisco Application Control Engine (ACE) 4710