A vulnerability in the authentication, authorization, and accounting (AAA) user roles of the Cisco Prime Network Control System (NCS) network management application could allow an authenticated, remote attacker who is logged in as a system monitor user to perform configuration tasks. The vulnerability is due to inconsistent AAA user role implementation, which allows the configuration feature of the Device Work Center (DWC) to be accessible to unauthorized users. An attacker could exploit this vulnerability by logging in as a lower-privileged user and performing actions that should be restricted. An exploit could allow the malicious user to elevate privileges and perform commands that should be restricted. Cisco has confirmed the vulnerability and released software updates. To exploit this vulnerability, an attacker must authenticate to the targeted device. This access requirement decreases the likelihood of a successful exploit. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco prime network control system 2.1\\(0.0.85\\) |
||
cisco prime network control system 2.2\\(0.0.58\\) |
||
cisco prime network control system 2.2\\(0.0.69\\) |
Vulmon