Lucene search
CiscoCVE-2015-0768HistoryJun 12, 2015 - 2:59 p.m.
CVE-2015-0768
2015-06-1214:59:00
CWE-264
cisco
web.nvd.nist.gov
28
cisco
prime
ncs
security
vulnerability
aaa
role
bypass
cve-2015-0768
cscur27371
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
51.3%
The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.
Affected configurations
Node
ciscoprime_network_control_systemMatch2.1\(0.0.85\)
ORciscoprime_network_control_systemMatch2.2\(0.0.58\)
ORciscoprime_network_control_systemMatch2.2\(0.0.69\)
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | prime_network_control_system | 2.1(0.0.85) | cpe:2.3:a:cisco:prime_network_control_system:2.1\(0.0.85\):*:*:*:*:*:*:* |
| cisco | prime_network_control_system | 2.2(0.0.58) | cpe:2.3:a:cisco:prime_network_control_system:2.2\(0.0.58\):*:*:*:*:*:*:* |
| cisco | prime_network_control_system | 2.2(0.0.69) | cpe:2.3:a:cisco:prime_network_control_system:2.2\(0.0.69\):*:*:*:*:*:*:* |
Related
cisco
cisco
Cisco Prime Network Control System Unauthorized Configuration Vulnerability
2015-06-09 13:37:59
prion
prion
Design/Logic Flaw
2015-06-12 14:59:00
cvelist
cvelist
CVE-2015-0768
2015-06-12 14:00:00
nvd
nvd
CVE-2015-0768
2015-06-12 14:59:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.8
Confidence
Low
EPSS
0.001
Percentile
51.3%
Related for CVE-2015-0768