Cisco Bug: CSCuw48188 - RBAC bypass vulnerability for limited config pages

Last Modified

Jan 26, 2017

Products (2)

  • Cisco Prime Service Catalog
  • Cisco Prime Service Catalog 11.0

Known Affected Releases

10.0_R2_tanggula 10.0_tanggula 10.1_tanggula 11.0

Description (partial)

Symptoms:
A vulnerability in the web interface of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to perform limited configuration changes.

The vulnerability is due to missing access controls in some of the web pages that allow configuration changes. An attacker could exploit this vulnerability by directly accessing the URLs of the affected pages and submitting a configuration change.

Conditions:
Default configuration

Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.