Executive Summary

Summary
Title Cisco Application Policy Infrastructure Controller Access Control Vulnerability
Informations
Name cisco-sa-20150722-apic First vendor Publication 2015-07-22
Vendor Cisco Last vendor Modification 2015-07-22
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 9 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user.

The vulnerability is due to improper implementation of access controls in the APIC filesystem. An attacker could exploit this vulnerability by accessing the cluster management configuration of the APIC. An exploit could allow the attacker to gain access to the APIC as the root user and perform root-level commands.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic BEGIN PGP SIGNATURE Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJVrtbDAAoJEIpI1I6i1Mx3btoP/2ab0rglGwG9K0DZbKgg/uk0 v7hAZl9ZAjFJj61v0R5byP286xSMvn6MXz1Jr44epjPF2a3ej4aR01gyTvMO6DUD UGmheZFvsmbrfd2sqRFHF/x1g2bOIdYq4i7z0BVP9YXJ4T3WR5FE3DxXt1VqZiTK ywNIWfwDv73LwEJrsSa+z3Z7pT3LxPBavBgtvzjUDizqW8zrpGS+KeMw8ol4Xz4p VVMtTo4DfXphaC2UiAtzP4UnJl3AQXCKNzYRAU56XxrqlkgQxQg2ZnrP7fJvTXET U2eHf4pQXkG2+BKl2gCc2onQqdeXmitlFyTlGIZbiJ/iLAY6oxy3SUT4gVZdMUXf O7BU5rA99maZq65+Ziu/bKuCe1AilKSg4TiSjhu0fIKbiMu1b9mqrgv4n9KaTtWY UdpiKJGtQQQrrI6r1gZeEIZ2K2/ybMBT3nRm+avD+omRa4R5HX1V+BhWksPF3eA6 H+xtN/pBIBs7ecahWRcdqu9pY76Re/JCtIrlLCHNfBMi6PPEcnUjaE4RpWaumnBO sCPEp8t0leACiCP11M2ZjMFm6GfrTDTF04AYP+VkAWYXNcfNSxp6MoC4Ee1ygb1/ 2ywXDFpFPj4XIwKIgyE6k76ND5r2WuK1e1VEuW4jikGYeeCQ3nmrJFHDc/mmyAum 0emrgf0YLmkfmXrYzv0u =zm4G END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Os 1
Os 11

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-07-25 00:30:59
  • Multiple Updates
2015-07-22 21:22:20
  • First insertion