Design/Logic Flaw

The Device Manager GUI in Cisco Application Control Engine ACE 4710 A5 before A53.1 allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801...

CVE-2016-1297

The Cisco ACE 4710 Application Control Engine Device Manager GUI is affected (A5 before A5(3.1/3.0)) by a remote command injection vulnerability via insufficient validation of HTTP POST input, allowing an authenticated attacker to bypass RBAC and execute arbitrary CLI commands with admin privileg...