Vigil@nce - Cisco Prime Service Catalog: privilege escalation via Configuration Change
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can edit the configuration of Cisco Prime Service
Catalog, in order to escalate his privileges.
Impacted products: Prime Infrastructure.
Severity: 2/4.
Creation date: 08/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco Prime Service Catalog product offers a web service.
However, an attacker can directly use an url, to alter the
configuration.
An attacker can therefore edit the configuration of Cisco Prime
Service Catalog, in order to escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN