Cisco Bug: CSCuo94842 - Cisco ASA-CX and Cisco PRSM Privilege Escalation Vulnerability
Aug 10, 2016
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
Symptom: A vulnerability in the role-based access control of Cisco ASA-CX and Cisco Prime Security Manager (PRSM) could allow an authenticated, remote attacker to change the password of any user on the system.

Full advisory at: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm

Conditions: The vulnerability exists because the password change request is not fully qualified. An authenticated attacker with a user role other than Administrator could exploit this vulnerability by sending a specially crafted HTTP request to the Cisco PRSM. An exploit could allow the attacker to change the password of any user on the system, including users with the Administrator role. All versions of Cisco ASA-CX Content-Aware Security and Cisco PRSM software prior to 126.96.36.199(112) are affected by this vulnerability.
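The failure class described under Conditions, modelled as an added example (not Cisco's code and not taken from the advisory, which does not show the request format): one handler trusts the account named in the request, the other ties the change to the session identity and role. The `User`, `Session` and handler names, the `Read Only` role and the sample accounts are hypothetical and constructed for illustration.

```python
# Added illustration: a generic model of role-checked password changes.
# Every name here (User, Session, change_password_*) is hypothetical, not a PRSM API.
from dataclasses import dataclass

ADMIN = "Administrator"

@dataclass
class User:
    name: str
    role: str
    password: str  # plaintext only to keep the model short; store a salted hash in practice

@dataclass
class Session:
    user: str  # identity established at login, never taken from the request body

def change_password_unchecked(db, session, request):
    """Flawed pattern: the target account comes from the request alone."""
    db[request["username"]].password = request["new_password"]

def change_password_checked(db, session, request):
    """Bind the change to the session identity; only Administrators may target others."""
    actor = db[session.user]
    target = request.get("username", actor.name)  # default: the caller's own account
    if target not in db:
        raise KeyError(target)
    if target != actor.name and actor.role != ADMIN:
        raise PermissionError(f"{actor.name} ({actor.role}) may not change {target}")
    db[target].password = request["new_password"]

def fresh_db():
    """Constructed sample accounts."""
    return {"admin": User("admin", ADMIN, "A-old"),
            "viewer": User("viewer", "Read Only", "V-old")}

def demo():
    """Send the same cross-account request through both handlers."""
    req = {"username": "admin", "new_password": "changed"}
    db1, db2 = fresh_db(), fresh_db()
    change_password_unchecked(db1, Session("viewer"), req)
    try:
        change_password_checked(db2, Session("viewer"), req)
        blocked = False
    except PermissionError:
        blocked = True
    return db1["admin"].password, db2["admin"].password, blocked

if __name__ == "__main__":
    print(demo())
```

The same role comparison works as an audit rule: a logged password change whose actor differs from its target and whose actor is not an Administrator should not occur on a fixed release.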