Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.105547 |
Category: | CISCO |
Title: | Cisco Application Policy Infrastructure Controller Access Control Vulnerability (Nexus 9xxx) |
Summary: | A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy; Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. |
Description: | Summary: A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. Vulnerability Insight: The vulnerability is due to eligibility logic in the RBAC processing code. Vulnerability Impact: An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role. Affected Software/OS: Cisco Nexus 9000 Series ACI Mode Switches when running software versions prior to 11.0(3h) and 11.1(1j) Solution: See the vendor advisory for a solution CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-1302 Cisco Security Advisory: 20160203 Cisco Application Policy Infrastructure Controller Access Control Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic http://www.securitytracker.com/id/1034925 |
Copyright | Copyright (C) 2016 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |