A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local malicious user to elevate privileges. The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploit this vulnerability by authenticating to the device and adding an SSH key to the attacker's local account. An exploit could allow the malicious user to elevate privileges on the local shell and perform unauthorized actions. Software updates are not available. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151012-apic
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco application policy infrastructure controller 1.1\\(1j\\) |