{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T13:02:05.416","vulnerabilities":[{"cve":{"id":"CVE-2018-0096","sourceIdentifier":"psirt@cisco.com","published":"2018-01-18T06:29:00.817","lastModified":"2026-06-17T01:29:33.043","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Infrastructure could allow an authenticated, remote attacker to perform a privilege escalation in which one virtual domain user can view and modify another virtual domain configuration. The vulnerability is due to a failure to properly enforce RBAC for virtual domains. An attacker could exploit this vulnerability by sending an authenticated, crafted HTTP request to a targeted application. An exploit could allow the attacker to bypass RBAC policies on the targeted system to modify a virtual domain and access resources that are not normally accessible. Cisco Bug IDs: CSCvg36875."},{"lang":"es","value":"Una vulnerabilidad en la funcionalidad RBAC (control de acceso basado en roles) de Cisco Prime Infrastructure podría permitir que un atacante remoto autenticado realice un escalado de privilegios en el que un usuario de un dominio virtual puede visualizar y modificar la configuración de otro dominio virtual. La vulnerabilidad se debe a no poder cumplir correctamente el RBAC para los dominios virtuales. Un atacante podría explotar esta vulnerabilidad mediante el envío de una petición HTTP manipulada a una aplicación objetivo. Su explotación podría permitir que un atacante omita las políticas RBAC en el sistema objetivo para modificar un dominio virtual y acceder a recursos que no son normalmente accesibles. Cisco Bug IDs: CSCvg36875."}],"affected":[{"source":"psirt@cisco.com","affectedData":[{"vendor":"n/a","product":"Cisco Prime Infrastructure","versions":[{"version":"Cisco Prime Infrastructure","status":"affected"}]}]}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":0.7,"impactScore":5.2}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:P/I:P/A:N","baseScore":4.9,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":6.8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-12-02T19:09:10.260749Z","id":"CVE-2018-0096","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_infrastructure:3.2\\(0.0\\):*:*:*:*:*:*:*","matchCriteriaId":"146E4ECF-B903-488C-8644-932FC57F072C"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:prime_infrastructure:3.3\\(0.0\\):*:*:*:*:*:*:*","matchCriteriaId":"A67FAFC9-7F4B-4CB5-AF27-74E20DD21B2D"}]}]}],"references":[{"url":"http://www.securityfocus.com/bid/102727","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1040242","source":"psirt@cisco.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/102727","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"http://www.securitytracker.com/id/1040242","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-cpi","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}