CVE-2016-1290
First published: Wed Apr 06 2016(Updated: )
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Evolved Programmable Network Manager | =1.2.0 | |
| Cisco Prime Infrastructure | =1.2 | |
| Cisco Prime Infrastructure | =1.2.0.103 | |
| Cisco Prime Infrastructure | =1.2.1 | |
| Cisco Prime Infrastructure | =1.3 | |
| Cisco Prime Infrastructure | =1.3.0.20 | |
| Cisco Prime Infrastructure | =1.4 | |
| Cisco Prime Infrastructure | =1.4.0.45 | |
| Cisco Prime Infrastructure | =1.4.1 | |
| Cisco Prime Infrastructure | =1.4.2 | |
| Cisco Prime Infrastructure | =2.0 | |
| Cisco Prime Infrastructure | =2.1.0 | |
| Cisco Prime Infrastructure | =2.2 | |
| Solaris | =snv_124 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1290?
CVE-2016-1290 has a medium severity rating due to its potential to allow privilege escalation for remote authenticated users.
How do I fix CVE-2016-1290?
To fix CVE-2016-1290, upgrade your Cisco Prime Infrastructure or Cisco Evolved Programmable Network Manager to a version that includes the necessary security patches.
Who is affected by CVE-2016-1290?
CVE-2016-1290 affects remote authenticated users of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager versions up to 2.2(2).
What types of privileges can be gained through CVE-2016-1290?
CVE-2016-1290 allows users to bypass role-based access control (RBAC) restrictions, potentially gaining unauthorized access to sensitive operations.
What action should organizations take regarding CVE-2016-1290?
Organizations should evaluate their use of affected Cisco products and implement the recommended upgrades to mitigate the risks associated with CVE-2016-1290.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco evolved programmable network manager
- version/cisco evolved programmable network manager/1.2.0
- canonical/cisco prime infrastructure
- version/cisco prime infrastructure/1.2
- version/cisco prime infrastructure/1.2.0.103
- version/cisco prime infrastructure/1.2.1
- version/cisco prime infrastructure/1.3
- version/cisco prime infrastructure/1.3.0.20
- version/cisco prime infrastructure/1.4
- version/cisco prime infrastructure/1.4.0.45
- version/cisco prime infrastructure/1.4.1
- version/cisco prime infrastructure/1.4.2
- version/cisco prime infrastructure/2.0
- version/cisco prime infrastructure/2.1.0
- version/cisco prime infrastructure/2.2
- vendor/sun
- canonical/solaris
- version/solaris/snv_124