PT-2016-4791 · Cisco · Cisco Configuration Assistant+1

Published

2016-07-03

·

Updated

2016-11-28

·

CVE-2016-1441

CVSS v3.1

8.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions Cisco Cloud Network Automation Provisioner (CNAP) version 1.0(0) in Cisco Configuration Assistant (CCA)
Description The issue allows remote attackers to bypass intended filesystem and administrative-endpoint restrictions via GET API calls.
Recommendations For Cisco Cloud Network Automation Provisioner (CNAP) version 1.0(0) in Cisco Configuration Assistant (CCA), at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2016-1441

Affected Products

Cisco Cloud Network Automation Provisioner
Cisco Configuration Assistant