Executive Summary
Summary | |
---|---|
Title | Cisco Application Policy Infrastructure Controller Access Control Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20160203-apic | First vendor Publication | 2016-02-03 |
Vendor | Cisco | Last vendor Modification | 2016-02-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC processing code. An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role. Cisco has released software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVrCha689gD3EAJB5AQIpfhAAnB7qeHrfdjA/CSMgMk2VxNM9EkZrer2E wizm4VxJyrLXC3rxVwmhObSsfgIGEzgRAhQ9iqX9FNL34OVVs6FTmxij7XRfCuVR dIvNYQ/yT3e6siGQSKQjZ9K5GZ1bRHyCw9LyEqQwaWuWXg7/bCWM/FqluPngNn96 TRXSt1CM+ELV/tFSAUeu2jkHAyCLd9slwxmjh7Ti0LMVLeeQoUmXo81p08rRz1rV JpWA2tr4HO4/e4+3cJS3oe5kLGy7b7e7vUX4auxnnD5ZZEvGABs/IC4PGqo33U1g zQE1QrMBBxot5UcrHOnQEjfx9RJ8vEpw1GihemvLHcsCV0d4JWeS3FJzUnWXWOgT G5/KCao/8hsTiqu8bs2M2c4hhfP/41XHO1wkCeZEJKUS9oaPhv8uF2ly1dr3uW68 YgSY1AW7CqxqiiLktryFoCS29JWqNsYGGW43NCwWImaVyFkL6TekqjGIZYuTkpO9 fT0Q/qBD+D1NhNeesesS3KGLdQ5kFpvl936vf2coesTtlkX2L/ItJjLCGLX1jhw0 +Qk8R8GNqnj55GIjaXL64cUcDPpu90PE1K4IG533WhmrxKgZ+RzMT1I0zEwDX8et M7Z4mtlpv1owzvkIDjihUipAq8Hgj7qaNtB9sqNxlVSKxVFEI+JcWz/6DWGact7G 3ypCksBxTK0= =dg7F END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-284 | Access Control (Authorization) Issues |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-02-12 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20160203-apic.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2016-03-14 21:25:44 |
|
2016-02-13 13:27:47 |
|
2016-02-04 05:29:14 |
|
2016-02-04 05:24:39 |
|