CVE-2016-1406

The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequently gain privileges, via crafted JSON data, aka Bug ID CSCuy12409.

Severity	HIGH
CVSS	8.8
CWE	CWE-284
KEV
Published	9 years ago
Modified	1 week ago

Related Products

Product	Advisory	Evidence
Cisco Prime Infrastructure	cisco-sa-20160523-pi-epnm	Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM)	cisco-sa-20160523-pi-epnm	Cisco OpenVuln