The API web interface in Cisco Prime Infrastructure prior to 3.1 and Cisco Evolved Programmable Network Manager prior to 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco evolved programmable network manager 1.2.1.3 |
||
cisco evolved programmable network manager 1.2.0 |
||
cisco prime infrastructure 1.4.2 |
||
cisco prime infrastructure 1.4.1 |
||
cisco prime infrastructure 2.2\\(2\\) |
||
cisco prime infrastructure 2.2 |
||
cisco prime infrastructure 1.2.0.103 |
||
cisco prime infrastructure 2.0 |
||
cisco prime infrastructure 1.2.1 |
||
cisco prime infrastructure 3.0 |
||
cisco prime infrastructure 2.1.0 |
||
cisco prime infrastructure 1.4 |
||
cisco evolved programmable network manager 1.2.300 |
||
cisco evolved programmable network manager 1.2.200 |
||
cisco prime infrastructure 1.4.0.45 |
||
cisco prime infrastructure 1.3.0.20 |
||
cisco prime infrastructure 1.3 |
||
cisco prime infrastructure 1.2 |