Unauthorized Access Vulnerability in Cisco Spark Product
CVE-2016-1322

7.5HIGH

Key Information:

Vendor: Cisco
Status: Spark
Vendor: CVE Published:; 12 February 2016

Summary

The REST interface in Cisco Spark allows remote attackers to bypass access restrictions, potentially leading to the creation of arbitrary user accounts. This vulnerability can be exploited through specific web requests, which highlights the importance of securing RESTful APIs and implementing strict access controls.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2016
Vulnerability Reserved
Jan 4, 2016