Guest

Preview Tool

Cisco Bug: CSCvu20180 - Read-only user is able to edit / configure the Monitor alerts for FMC gui.

Last Modified

May 12, 2020

Products (1)

  • Cisco Firepower Management Center

Known Affected Releases

6.4.0.4

Description (partial)

Symptom:
Scenario 1:
============
Logged in FMC as admin user and created a "test" health alert.

Logged in read-only user "read1" and could delete the same which should not be possible as per customer’s requirement.

Scenario 2: 
========
Logged in as readonly user "read1" and successfully create the health alert, which should not be allowed per customer’s requirement.

Conditions:
USER ROLE:
============
I have tried the above 2 scenarios with the read-only user available on FMC, with the below permissions:
Users > User Roles > Name: Security Analyst (Read-Only) > menu based permissions (Health - enabled, Health policy - Disabled) 
 
- The available options on FMC gui are under User Roles are related to: Health policy and Health Events. There is no option for Monitor alerts specifically.

- Also tried to create a custom user role but again no option for Monitor alerts. And got the same test outcomes
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.