Access Control Vulnerability in Cisco Prime Network Control System
CVE-2015-0768

Currently unrated

Key Information:

Vendor: Cisco
Status: Prime Network Control System
Vendor: CVE Published:; 12 June 2015

Summary

The Device Work Center (DWC) component in Cisco Prime Network Control System has an access control vulnerability that permits remote authenticated users to bypass intended access restrictions. This allows unauthorized command execution during an active login session. The flaw arises from improper implementation of AAA (Authentication, Authorization, and Accounting) roles, which could potentially compromise the integrity of the system.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1032541

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 12, 2015
Vulnerability Reserved
Jan 7, 2015