CVE-2018-0096
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875.
Una vulnerabilidad en la funcionalidad RBAC (control de acceso basado en roles) de Cisco Prime Infrastructure podría permitir que un atacante remoto autenticado realice un escalado de privilegios en el que un usuario de un dominio virtual puede visualizar y modificar la configuración de otro dominio virtual. La vulnerabilidad se debe a no poder cumplir correctamente el RBAC para los dominios virtuales. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP manipulada a una aplicación objetivo. Su explotación podría permitir que un atacante omita las políticas RBAC en el sistema objetivo para modificar un dominio virtual y acceder a recursos que no son normalmente accesibles. Cisco Bug IDs: CSCvg36875.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-11-27 CVE Reserved
- 2018-01-18 CVE Published
- 2024-03-15 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
- CWE-863: Incorrect Authorization
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102727 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040242 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Prime Infrastructure Search vendor "Cisco" for product "Prime Infrastructure" | 3.2\(0.0\) Search vendor "Cisco" for product "Prime Infrastructure" and version "3.2\(0.0\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Prime Infrastructure Search vendor "Cisco" for product "Prime Infrastructure" | 3.3\(0.0\) Search vendor "Cisco" for product "Prime Infrastructure" and version "3.3\(0.0\)" | - |
Affected
| ||||||