← Back

CVE-2016-1301

nvd nist
Published: Feb 7, 2016Modified: May 6, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

The RBAC implementation in Cisco ASA-CX Content-Aware Security software before 9.3.1.1(112) and Cisco Prime Security Manager (PRSM) software before 9.3.1.1(112) allows remote authenticated users to change arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuo94842.

Affected (26)

Cisco
2 products
Asa Cx Context Aware Security Software
Prime Security Manager
Configuration A
26 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Asa Cx Context Aware Security Software
Version 9.0.1-40
Asa Cx Context Aware Security Software
Version 9.0.1
Asa Cx Context Aware Security Software
Version 9.0.2-68
Asa Cx Context Aware Security Software
Version 9.0.2
Asa Cx Context Aware Security Software
Version 9.0_base
Asa Cx Context Aware Security Software
Version 9.1.2-29
Asa Cx Context Aware Security Software
Version 9.1.2-42
Asa Cx Context Aware Security Software
Version 9.1.3-10
Asa Cx Context Aware Security Software
Version 9.1.3-13
Asa Cx Context Aware Security Software
Version 9.1.3-8
Asa Cx Context Aware Security Software
Version 9.2.1-1
Asa Cx Context Aware Security Software
Version 9.2.1-2
Asa Cx Context Aware Security Software
Version 9.2.1-3
Asa Cx Context Aware Security Software
Version 9.2.1-4
Cisco
Prime Security Manager
Version 9.0.0
Prime Security Manager
Version 9.0.1-40
Prime Security Manager
Version 9.0.2-68
Prime Security Manager
Version 9.1.0
Prime Security Manager
Version 9.1.2-29
Prime Security Manager
Version 9.1.2-42
Prime Security Manager
Version 9.1.3-10
Prime Security Manager
Version 9.1.3-13
Prime Security Manager
Version 9.1.3-8
Prime Security Manager
Version 9.2.0
Prime Security Manager
Version 9.2.1-1
Prime Security Manager
Version 9.2.1-2

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.