CVE-2016-1301

high-risk
Published 2016-02-07

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.

Do I need to act?

-
0.27% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (20)

Prime Security Manager
Prime Security Manager
Prime Security Manager
Prime Security Manager
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Asa Cx Context-Aware Security Software
Prime Security Manager
Prime Security Manager
Prime Security Manager
Prime Security Manager
Prime Security Manager
Prime Security Manager
Prime Security Manager
Prime Security Manager

Affected Vendors

Cisco

References (6)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securitytracker.com/id/1034926
http://www.securitytracker.com/id/1034927
Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...
http://www.securitytracker.com/id/1034926
http://www.securitytracker.com/id/1034927
52
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 21/34 · High