Vulnerability in Cisco Prime_network_control_system

CVE-2015-0768

The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restricti…

EPSS: 0.002 (35.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Prime_network_control_system — versions 2.1\(0.0.85\), 2.2\(0.0.58\), 2.2\(0.0.69\)
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

20150609 Cisco Prime Network Control System Unauthorized Configuration Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1032541 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)