Cisco Aironet validating identity
An attacker could exploit this vulnerability by authenticating to the device and sending a crafted HTTP request.
A successful exploit could allow the attacker to gain elevated privileges to access functionality that should be restricted.
This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series.
A vulnerability in the credential reset functionality for Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain elevated privileges.
The vulnerability is due to a lack of proper input validation.
A successful exploit could allow the attacker to access the underlying operating system as a low-privileged user.
After low-level privileges are gained, the attacker could elevate to root privileges and take full control of the device.
A vulnerability in the web interface of the Cisco RV132W ADSL2 Wireless-N VPN and RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.
A successful exploit could allow the attacker to execute arbitrary code as the root user and gain full control of the affected system or cause it to reload, resulting in a DoS condition.
A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface.
The vulnerability is due to a hard-coded account password on the system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials.
The vulnerability exists because the affected software does not reset the privilege level for each web UI session.