Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-CMXPE-75ASY9K
HistoryJan 13, 2021 - 4:00 p.m.

Cisco Connected Mobile Experiences Privilege Escalation Vulnerability

2021-01-1316:00:00
tools.cisco.com
73

0.003 Low

EPSS

Percentile

67.5%

JSON

A vulnerability in Cisco Connected Mobile Experiences (CMX) could allow a remote, authenticated attacker without administrative privileges to alter the password of any user on an affected system.

The vulnerability is due to incorrect handling of authorization checks for changing a password. An authenticated attacker without administrative privileges could exploit this vulnerability by sending a modified HTTP request to an affected device. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxpe-75Asy9k [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmxpe-75Asy9k”]

Related

prion 1
cve 1
threatpost 2
prion
prion
Authorization
2021-01-13 22:15:00
cve
cve
CVE-2021-1144
2021-01-13 22:15:00
threatpost
threatpost
Cisco DNA Center Bug Opens Enterprises to Remote Attack
2021-01-25 17:53:51
High-Severity Cisco Flaw Found in CMX Software For Retailers
2021-01-13 21:22:01

0.003 Low

EPSS

Percentile

67.5%

JSON
Related for CISCO-SA-CMXPE-75ASY9K
prion1cve1threatpost2