Vulnslist

find the latest Cisco vulnerabilities

Cisco Prime Infrastructure API Credentials Management Vulnerability

cisco-sa-20170315-cpi · Medium · Published · Updated

A vulnerability in the APIs for Cisco Prime Infrastructure could allow an authenticated, remote attacker to access an API that should be restricted to a privileged user. The attacker needs to have valid credentials. The vulnerability is due to a lack of proper role-based access control (RBAC) for certain APIs in the application. An attacker could exploit this vulnerability by authenticating to specific APIs as a low-privileged user. An exploit could allow the attacker to view or modify system configuration information. The API usage should be restricted based on the user's privilege level.

There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-cpi

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2017-3869
Cisco Bug IDs: CSCuy36192
CVSS Score: Base 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco Prime Infrastructure

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco Prime Infrastructure | known_affected | cisco_csaf | CVE-2017-3869 | 1

Related Products

Product | CVE | Evidence
Cisco Prime Infrastructure | CVE-2017-3869 | Cisco OpenVuln