Cisco Bug: CSCum59958 - PI grants a user default permissions, if wrong register is used to login
Feb 22, 2018
- Cisco Prime Infrastructure
Known Affected Releases
Symptom: A vulnerability in the handling of usernames in Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker with a limited-privilege account to escalate his privileges to the default ones. The vulnerability is due to the fact that PI saves usernames, and performs username string comparisons, in a case-sensitive manner. An attacker could exploit this vulnerability by typing his/her username in a different case combination than the one registered on PI. If PI is configured for external authentication (e.g., RADIUS or TACACS), the login will succeed but PI will assign default authorizations to the logged-in user.
Conditions: PI configured for external authentication.
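The mismatch described above, as an added example that is not Cisco code: a simplified model of an exact-case authorization lookup next to a lookup that uses one canonical username form, plus a helper that flags login names matching a registered account only when case is ignored. The role names, usernames, credentials, DEFAULT_ROLE fallback and the case-insensitive external server are all constructed assumptions.

```python
# Added illustration: a simplified model, not Cisco Prime Infrastructure code.
# Role names, usernames and the DEFAULT_ROLE fallback are constructed assumptions.

DEFAULT_ROLE = "default-permissions"

# Local authorization table, keyed by the username exactly as registered.
REGISTERED = {"jsmith": "read-only-limited", "NetAdmin": "admin"}


def external_auth_ok(username, password):
    """Stand-in for a RADIUS/TACACS server that matches usernames
    case-insensitively (an assumption of this model)."""
    creds = {"jsmith": "pw1", "netadmin": "pw2"}  # constructed sample credentials
    return creds.get(username.lower()) == password


def authorize_case_sensitive(username):
    """Behaviour described in the bug: exact-case lookup, so a username typed
    in a different case misses its record and receives the default role."""
    return REGISTERED.get(username, DEFAULT_ROLE)


def canonical(username):
    """One canonical form used for both storage and comparison."""
    return username.casefold()


CANONICAL_REGISTERED = {canonical(u): r for u, r in REGISTERED.items()}


def authorize_canonical(username):
    """Hardened lookup: case variants resolve to the same account and role."""
    return CANONICAL_REGISTERED.get(canonical(username), DEFAULT_ROLE)


def login(username, password, authorize):
    """Authenticate externally, then authorize with the given local lookup."""
    if not external_auth_ok(username, password):
        return None
    return authorize(username)


def case_variant_logins(login_names):
    """Detection helper: login names that match a registered account only
    when case is ignored, i.e. sessions that hit the default-role path."""
    return [n for n in login_names
            if n not in REGISTERED and canonical(n) in CANONICAL_REGISTERED]
```

Running case_variant_logins over usernames taken from login audit records shows which sessions would have received default authorizations instead of their registered role.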