CVE-2015-6362
First published: Tue Nov 10 2015(Updated: )
The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Connected Grid Network Management System | =3.0\(0.35\) | |
| Cisco Connected Grid Network Management System | =3.0\(0.54\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6362?
CVE-2015-6362 has a medium severity rating due to the potential for unauthorized configuration changes by authenticated users.
How do I fix CVE-2015-6362?
To fix CVE-2015-6362, it is recommended to upgrade the Cisco Connected Grid Network Management System to a version that is not vulnerable.
Who is affected by CVE-2015-6362?
Users of Cisco Connected Grid Network Management System versions 3.0(0.35) and 3.0(0.54) are affected by CVE-2015-6362.
What type of access does CVE-2015-6362 allow?
CVE-2015-6362 allows remote authenticated users to bypass access restrictions and modify configurations.
When was CVE-2015-6362 reported?
CVE-2015-6362 was reported on November 9, 2015, in conjunction with Cisco's security advisory.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco connected grid network management system
- version/cisco connected grid network management system/3.0\(0.35\)
- version/cisco connected grid network management system/3.0\(0.54\)