Security restrictions bypass in Cisco Unified Intelligence Center - CVE-2016-6426
Published: October 6, 2016 / Updated: April 5, 2018
Vulnerability identifier: #VU772
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-6426
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Unified Intelligence Center
Detailed vulnerability description
The vulnerability allows a remote user to modify information on the target system.
The weakness is caused by insufficient access control. An attacker can access a certain web page and trigger a flaw in the j_spring_security_switch_user() function that lets them create user accounts.
Successful exploitation of the vulnerability results in modification of a valid user's data.