CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1297

The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

Products affected by CVE-2016-1297

Cisco » Application Control Engine Software » Version: a5(1.0)

cpe:2.3:a:cisco:application_control_engine_software:a5(1.0)
Cisco » Application Control Engine Software » Version: a5(1.1)

cpe:2.3:a:cisco:application_control_engine_software:a5(1.1)
Cisco » Application Control Engine Software » Version: a5(1.2)

cpe:2.3:a:cisco:application_control_engine_software:a5(1.2)
Cisco » Application Control Engine Software » Version: a5(2.0)

cpe:2.3:a:cisco:application_control_engine_software:a5(2.0)
Cisco » Application Control Engine Software » Version: a5(2.1)

cpe:2.3:a:cisco:application_control_engine_software:a5(2.1)
Cisco » Application Control Engine Software » Version: a5(2.1e)

cpe:2.3:a:cisco:application_control_engine_software:a5(2.1e)
Cisco » Application Control Engine Software » Version: a5(3.0)

cpe:2.3:a:cisco:application_control_engine_software:a5(3.0)

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1297

Products

Pricing

Contact Us