CyberSec.Space Logo
返回 CVE 浏览器

CVE-2016-1297

HIGH
8.8
CVSS Severity Score
EPSS Score0.0830%
EPSS Percentile5.13th
Published2016年2月26日
Last Modified2026年5月6日

Vulnerability Description

The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.

Affected Platforms (CPE)

📦
Cisco

Application Control Engine Software

= a5\(1.0\)
📦
Cisco

Application Control Engine Software

= a5\(1.1\)
📦
Cisco

Application Control Engine Software

= a5\(1.2\)
📦
Cisco

Application Control Engine Software

= a5\(2.0\)
📦
Cisco

Application Control Engine Software

= a5\(2.1\)
📦
Cisco

Application Control Engine Software

= a5\(2.1e\)
📦
Cisco

Application Control Engine Software

= a5\(3.0\)

References & Advisories

🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace
🔗 http://www.securitytracker.com/id/1035104
🔗 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160224-ace
🔗 http://www.securitytracker.com/id/1035104

相关漏洞威胁

CVE-2016-06358.8

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,...

CVE-2010-28227.8

Unspecified vulnerability in the RTSP inspection feature on the Cisco Application Control Engine (ACE) Module with software before...

CVE-2010-28237.8

Unspecified vulnerability in the deep packet inspection feature on the Cisco Application Control Engine (ACE) 4710 appliance with ...

CVE-2010-28247.8

Unspecified vulnerability on the Cisco Application Control Engine (ACE) Module with software A2(1.x) before A2(1.6), A2(2.x) befor...