CVE-2016-1406
CVE-2016-1406 is a vulnerability of currently unknown severity. The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409. EPSS estimates a 1.62% chance of exploitation in the next 30 days.
Description
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Evolved Programmable Network Manager | 1.2.0 |
| Cisco | Evolved Programmable Network Manager | 1.2.1.3 |
| Cisco | Evolved Programmable Network Manager | 1.2.200 |
| Cisco | Evolved Programmable Network Manager | 1.2.300 |
| Cisco | Prime Infrastructure | 1.2 |
| Cisco | Prime Infrastructure | 1.2.0.103 |
| Cisco | Prime Infrastructure | 1.2.1 |
| Cisco | Prime Infrastructure | 1.3 |
| Cisco | Prime Infrastructure | 1.3.0.20 |
| Cisco | Prime Infrastructure | 1.4 |
| Cisco | Prime Infrastructure | 1.4.0.45 |
| Cisco | Prime Infrastructure | 1.4.1 |
| Cisco | Prime Infrastructure | 1.4.2 |
| Cisco | Prime Infrastructure | 2.0 |
| Cisco | Prime Infrastructure | 2.1.0 |
| Cisco | Prime Infrastructure | 2.2 |
| Cisco | Prime Infrastructure | 2.2\(2\) |
| Cisco | Prime Infrastructure | 3.0 |
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
