The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Link | Tags |
---|---|
http://www.securitytracker.com/id/1034927 | vdb entry |
http://www.securitytracker.com/id/1034926 | vdb entry |
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-prsm | vendor advisory |