A vulnerability in the web GUI of Cisco Connected Grid Network Management System could allow an authenticated, remote attacker to perform limited configuration changes while logged in as a user having the Monitor-Only role.

The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by accessing the related configuration pages on the web interface and submitting the changes. An exploit could allow the attacker to make unauthorized modifications to the targeted system.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151109-cg-nms

Leave a Reply