Test ID:1.3.6.1.4.1.25623.1.0.105547
Category:CISCO
Title:Cisco Application Policy Infrastructure Controller Access Control Vulnerability (Nexus 9xxx)
Summary:A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.
Description:
Summary:
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.

Vulnerability Insight:
The vulnerability is due to eligibility logic in the RBAC processing code.

Vulnerability Impact:
An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role.

Affected Software/OS:
Cisco Nexus 9000 Series ACI Mode Switches when running software versions prior to 11.0(3h) and 11.1(1j)

Solution:
See the vendor advisory for a solution

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-1302
Cisco Security Advisory: 20160203 Cisco Application Policy Infrastructure Controller Access Control Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
http://www.securitytracker.com/id/1034925
Copyright:Copyright (C) 2016 Greenbone Networks GmbH
