Cisco Prime License Manager Incorrect Authorization Vulnerability

Summary

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

Credit:

The information has been provided by Adam Engle

The original article can be found at:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-prime-priv-esc-HyhwdzBA


Details

The vulnerability is due to insufficient validation of user input on the web management interface. An attacker could exploit this vulnerability by submitting a malicious request to an affected system. An exploit could allow the attacker to gain administrative-level privileges on the system. The attacker needs a valid username to exploit this vulnerability.

 

Vulnerable Systems:

Cisco Prime License Manager

 

CVE Information:

CVE-2020-3140

 

Disclosure Timeline:
Published Date:7/16/2020

Categories: FeaturedNews