Filesystem Bypass in Cisco Configuration Assistant Affects CNAP
CVE-2016-1441

8.2HIGH

Key Information:

Vendor: Cisco
Status: Cloud Network Automation Provisioner
Vendor: CVE Published:; 3 July 2016

Summary

Cisco Cloud Network Automation Provisioner 1.0(0) within Cisco Configuration Assistant contains a vulnerability that allows remote attackers to bypass filesystem and administrative endpoint restrictions. This exploitation can occur through specially crafted GET API calls, allowing unauthorized users to gain access to sensitive resources and potentially compromise the integrity of affected systems. It's essential for organizations using this software to implement appropriate security measures and stay informed about potential exploits.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securityfocus.com/bid/91523

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2016
Vulnerability Reserved
Jan 4, 2016