Executive Summary
Summary | |
---|---|
Title | Cisco Application Policy Infrastructure Controller SSH Privilege Escalation Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20170816-apic1 | First vendor Publication | 2017-08-16 |
Vendor | Cisco | Last vendor Modification | 2017-08-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:S/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Expoit Score | 3.9 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. The attacker cannot gain root-level privileges. The vulnerability is due to a limitation with how Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC. An attacker could exploit this vulnerability by authenticating to the targeted device. The attacker's privilege level will be modified to match that of the last user to log in via SSH. An exploit could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic1"] BEGIN PGP SIGNATURE iQKBBAEBAgBrBQJZlGzqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHmlbw/6AnWNPWHe2W41FaxV uSKOoeuBbquN5Fs1fK44VeuDhXq75M5idEZUzp7Okv7VeffVR0tG87G14pFexGL2 rw2Vkz5Q6KWvJbNQlerVFFxm2oqm3y63ieNrXKNxt+AEgU+7zWP7OPM9Io8Y+oWl cPnwAuCfCP3Z2Rla1uCsHhY9MzQWTZdKptqYsAn5YoP46Uy9+nQPoWNZuC2X9rKO 2OsSxE5paSOnoGVX0dUgVp/8nr5lAG2EvSRq1M3PEZz9m65Amd7rCbgSW2zgib8u tHB9V+4+bdD7Bi3kBsPE7b1D6dsl7IMRqps7ncGX/RxN5eSQ84Tut/CVnRu45k34 KxzPXmdt7QxKwBOuLvkam5X9S7bilJuRXm0e9OFwnYBKG70p+y/oq7+/ZW5Ag+W/ DG3SK5WmceElxSfOF5IC4IhlFR05q6pKocxn+D5AzAfrGj3fWlv261Q/+UaPJ8UQ 97oHOXB7KQHJIFXZ3gFupDm1/tA55QrzJIQqjrdhRGyTwGonFw/O29e2ua8au0cJ ElopT/P+VADRpf2vVGiT4L/ewZOctUIlFtLR7gpxmG9X6+xTQQHt3efU6qTs/uGe VxGWuATxCAplEheBDFY5vdf+n24lqjX9Cn9Veo/HUpIhGmzMMMO9DNVsPi49qSO/ 5N4vbz/6tuNs06eCcn10+MtpUXE= =dFHp END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-269 | Improper Privilege Management |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-08-25 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20170816-apic1-application_policy_infrastructure_controller.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2017-08-26 13:24:55 |
|
2017-08-23 00:25:10 |
|
2017-08-18 05:23:44 |
|
2017-08-16 21:22:26 |
|