Cisco Unified Intelligence Center Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in Cisco Unified Intelligence Center that allows an authenticated, remote attacker to elevate privileges to Administrator for certain functions on the affected system. This issue arises from inadequate server-side validation of user-supplied parameters in API or HTTP requests. An attacker could exploit this vulnerability by sending a crafted API or HTTP request, potentially gaining access to, modifying, or deleting data beyond their authorized access level, including sensitive information stored in the system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to gain Administrator rights for a limited set of functions on the affected system.

Remediation

Cisco has released software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.