Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2018-0096

CVE information

Published

4 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

Medium

Impact Analysis

Description

A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875..

CVSSv2.0 Score

Severity
Medium
Base Score
4.9/10
Exploit Score
6.8/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
Single
Impact Score
4.9/10
Confidentiality Impact
Partial
Availability Impact
None
Integrity Impact
Partial

CVSSv3.1 Score

Severity
Medium
Base Score
5.9/10
Exploit Score
0.7/10
Access Vector
Network
Access Complexity
High
Privileges Required
High
Impact Score
5.2/10
Confidentiality Impact
High
Availability Impact
None
Integrity Impact
High
Scope
Unchanged
User Interaction
None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:cisco:prime_infrastructure:3.2\(0.0\):*:*:*:*:*:*:
  Yes
- -
cpe:2.3:a:cisco:prime_infrastructure:3.3\(0.0\):*:*:*:*:*:*:
  Yes
- -