CVE-2015-0768

medium Cisco
CVSS v3 Base Score
6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS Score
0.2%
Exploitation probability in 30 days
Top 64% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P
Published: June 12, 2015 (3988 days ago)
Last Modified: May 6, 2026
Vendor: Cisco
Source: NVD

Description

The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371.

CWE

CWE-264

Affected Products

cisco prime network control system

References

🔗 tools.cisco.com 🔗 www.securitytracker.com 🔗 tools.cisco.com 🔗 www.securitytracker.com