CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
EPSS
Percentile
31.9%
A vulnerability in the web GUI of Cisco Connected Grid Network Management System could allow an authenticated, remote attacker to perform limited configuration changes while logged in as a user having the Monitor-Only role.
The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the related configuration pages on the web interface and submitting the changes. An exploit could allow the attacker to make unauthorized modifications to the targeted system.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | connected_grid_network_management_system | any | cpe:2.3:a:cisco:connected_grid_network_management_system:any:*:*:*:*:*:*:* |