Cisco Unified Intelligence Center Horizontal Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in the API of Cisco Unified Intelligence Center, allowing authenticated, remote attackers to perform horizontal privilege escalation. This issue arises from inadequate validation of user-supplied parameters in API requests, enabling attackers to execute insecure direct object reference attacks. Successful exploitation could grant access to data associated with different users on the affected system.

Impact

Exploitation of this vulnerability could lead to unauthorized access to user-specific data on the affected system.

Remediation

Cisco has released software updates to address this vulnerability. Customers with service contracts should obtain these updates through their usual channels. Customers without service contracts should contact the Cisco Technical Assistance Center (TAC) for assistance.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.