CyberSec.Space Logo
Back to CVE Browser

CVE-2016-1297

HIGH
8.8
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile5.13th
PublishedFeb 26, 2016
Last ModifiedMay 6, 2026

Vulnerability Description

The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.

Affected Platforms (CPE)

πŸ“¦
Cisco

Application Control Engine Software

= a5\(1.0\)
πŸ“¦
Cisco

Application Control Engine Software

= a5\(1.1\)
πŸ“¦
Cisco

Application Control Engine Software

= a5\(1.2\)
πŸ“¦
Cisco

Application Control Engine Software

= a5\(2.0\)
πŸ“¦
Cisco

Application Control Engine Software

= a5\(2.1\)
πŸ“¦
Cisco

Application Control Engine Software

= a5\(2.1e\)
πŸ“¦
Cisco

Application Control Engine Software

= a5\(3.0\)

References & Advisories

πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace
πŸ”— http://www.securitytracker.com/id/1035104
πŸ”— http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace
πŸ”— http://www.securitytracker.com/id/1035104

Related Vulnerabilities

CVE-2016-06358.8

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,...

CVE-2010-28227.8

Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before...

CVE-2010-28237.8

Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with ...

CVE-2010-28247.8

Unspecified vulnerability on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) befor...