A vulnerability in the web GUI of Cisco Connected Grid Network Management System could allow an authenticated, remote malicious user to perform limited configuration changes while logged in as a user having the Monitor-Only role. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the related configuration pages on the web interface and submitting the changes. An exploit could allow the malicious user to make unauthorized modifications to the targeted system. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco connected grid network management system 3.0\\(0.35\\) |
||
cisco connected grid network management system 3.0\\(0.54\\) |