A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
| Link | Tags |
|---|---|
| http://www.securitytracker.com/id/1040242 | vdb entry third party advisory |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi | vendor advisory |
| http://www.securityfocus.com/bid/102727 | vdb entry third party advisory |