Executive Summary

Title Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability
Name cisco-sa-20170816-apic1 First vendor Publication 2017-08-16
Vendor Cisco Last vendor Modification 2017-08-16
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:S/C:P/I:P/A:P)
Cvss Base Score 4.6 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 3.9 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges.

The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1"]


iQKBBAEBAgBrBQJZlGzqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmlbw/6AnWNPWHe2W41FaxV uSKOoeuBbquN5Fs1fK44VeuDhXq75M5idEZUzp7Okv7VeffVR0tG87G14pFexGL2 rw2Vkz5Q6KWvJbNQlerVFFxm2oqm3y63ieNrXKNxt+AEgU+7zWP7OPM9Io8Y+oWl cPnwAuCfCP3Z2Rla1uCsHhY9MzQWTZdKptqYsAn5YoP46Uy9+nQPoWNZuC2X9rKO 2OsSxE5paSOnoGVX0dUgVp/8nr5lAG2EvSRq1M3PEZz9m65Amd7rCbgSW2zgib8u tHB9V+4+bdD7Bi3kBsPE7b1D6dsl7IMRqps7ncGX/RxN5eSQ84Tut/CVnRu45k34 KxzPXmdt7QxKwBOuLvkam5X9S7bilJuRXm0e9OFwnYBKG70p+y/oq7+/ZW5Ag+W/ DG3SK5WmceElxSfOF5IC4IhlFR05q6pKocxn+D5AzAfrGj3fWlv261Q/+UaPJ8UQ 97oHOXB7KQHJIFXZ3gFupDm1/tA55QrzJIQqjrdhRGyTwGonFw/O29e2ua8au0cJ ElopT/P+VADRpf2vVGiT4L/ewZOctUIlFtLR7gpxmG9X6+xTQQHt3efU6qTs/uGe VxGWuATxCAplEheBDFY5vdf+n24lqjX9Cn9Veo/HUpIhGmzMMMO9DNVsPi49qSO/ 5N4vbz/6tuNs06eCcn10+MtpUXE= =dFHp END PGP SIGNATURE

_______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-269 Improper Privilege Management

CPE : Common Platform Enumeration

Application 24

Nessus® Vulnerability Scanner

Date Description
2017-08-25 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20170816-apic1-application_policy_infrastructure_controller.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2017-08-26 13:24:55
  • Multiple Updates
2017-08-23 00:25:10
  • Multiple Updates
2017-08-18 05:23:44
  • Multiple Updates
2017-08-16 21:22:26
  • First insertion