Description
A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due to insufficient validation of authorizations for authenticated users. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to elevate privileges to privilege level 15. To exploit this vulnerability, the attacker must have valid credentials for a user account with privilege level 5 or higher. Read-only DM users are assigned privilege level 5.
Problem types
Product status
15.0(2)EA
15.0(2)EA1
15.2(2)E
15.2(2)E1
15.2(3)E1
15.2(2)E2
15.2(2)E3
15.2(2a)E2
15.2(3)E2
15.2(3)E3
15.2(2)E4
15.2(2)E5
15.2(3)E4
15.2(5)E
15.2(2)E6
15.2(5)E1
15.2(2)E5a
15.2(5a)E1
15.2(2)E7
15.2(5)E2
15.2(6)E
15.2(5)E2c
15.2(2)E8
15.2(6)E0a
15.2(6)E1
15.2(6)E0c
15.2(2)E9
15.2(7)E
15.2(2)E10
15.2(6)E2a
15.2(7)E0b
15.2(7)E0s
15.2(6)E3
15.2(7)E2
15.2(7)E3
15.2(7)E1a
15.2(7)E4
15.2(8)E
15.2(8)E1
15.2(7)E5
15.2(7)E6
15.2(8)E2
15.2(7)E7
15.2(8)E3
15.2(7)E8
15.2(8)E4
15.2(7)E9
15.2(8)E5
15.2(8)E6
15.2(7)E10
15.2(7)E11
15.2(1)EY
15.0(2)EK
15.0(2)EK1
15.2(2)EB
15.2(2)EB1
15.2(2)EB2
15.2(6)EB
15.2(2)EA
15.2(2)EA2
15.2(3)EA
15.2(4)EA
15.2(4)EA1
15.2(2)EA3
15.2(4)EA4
15.2(4)EA5
15.2(4)EA6
15.2(4)EA7
15.2(4)EA8
15.2(4)EA9
15.2(4)EA9a
15.2(4)EC1
15.2(4)EC2
15.3(3)JPU
References
sec.cloudapps.cisco.com/...cisco-sa-ios-http-privesc-wCRd5e3 (cisco-sa-ios-http-privesc-wCRd5e3)
