Vulnerability in Cisco Evolved Programmable Network Manager
CVE-2016-1406
The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and obtain sensitive information, and consequ…
EPSS: 0.003 (53.7th percentile).
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Cisco Evolved Programmable Network Manager — versions 1.2.0, 1.2.1.3, 1.2.200
- Cisco Prime Infrastructure — versions 1.2, 1.2.0.103, 1.2.1
Weakness classification (CWE)
References
- 1035948 (vdb-entry, x_refsource_SECTRACK)
- 20160523 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager JSON Privilege Escalation Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
Frequently asked questions
- What is CVE-2016-1406?
- CVE-2016-1406 is a high-severity vulnerability in Cisco Evolved Programmable Network Manager, classified under Improper Access Control. CVSS score: 8.8/10. Published 2016-05-25.
- How severe is CVE-2016-1406?
- High severity. CVSS v3 base score is 8.8 out of 10.