PT-2017-9926 · Aruba · Cloudvision Portal

Published

2017-01-23

Updated

2017-01-26

CVE-2016-9012

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CloudVision Portal (CVP) versions prior to 2016.1.2.1

Description The issue allows remote authenticated users to gain access to internal configuration mechanisms via the management plane. This is related to a request to the "/web/system/console/bundle" API endpoint.

Recommendations For versions prior to 2016.1.2.1, update to version 2016.1.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/web/system/console/bundle" API endpoint to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-9012

Affected Products

Cloudvision Portal

PT-2017-9926 · Aruba · Cloudvision Portal

CVE-2016-9012

Weakness Enumeration

Related Identifiers

Affected Products

References · 4