A vulnerability in the j_spring_security_switch_user function of Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to make certain changes to the system.The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the application. An attacker could exploit this vulnerability by accessing certain web pages and creating unauthorized user accounts.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2dtPMFx
A vulnerability in the j_spring_security_switch_user function of Cisco Unified Intelligence Center (CUIC) Software could allow an unauthenticated, remote attacker to make certain changes to the system.The vulnerability is due to improper implementation of authorization controls when accessing certain web pages of the application. An attacker could exploit this vulnerability by accessing certain web pages and creating unauthorized user accounts.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2dtPMFx
Security Impact Rating: Medium
CVE: CVE-2016-6426
from Cisco Security Advisory http://ift.tt/2dtPMFx
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.