Vulnerability in Cisco Evolved Programmable Network Manager
CVE-2016-1290
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is…
EPSS: 0.002 (37.3rd percentile).
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Cisco Evolved Programmable Network Manager — version 1.2.0
- Cisco Prime Infrastructure — versions 1.2, 1.2.0.103, 1.2.1
- Sun OpenSolaris — version snv_124
Weakness classification (CWE)
References
- 1035498 (vdb-entry, x_refsource_SECTRACK)
- 20160406 Cisco Prime Infrastructure and Evolved Programmable Network Manager Privilege Escalation API Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-1290?
- CVE-2016-1290 is a high-severity vulnerability in Cisco Evolved Programmable Network Manager, classified under CWE-264. CVSS score: 8.1/10. Published 2016-04-06.
- How severe is CVE-2016-1290?
- High severity. CVSS v3 base score is 8.1 out of 10.