CVE-2016-1302

Published: 07/02/2016 | Updated: 06/12/2016
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Cisco Application Policy Infrastructure Controller (APIC) devices with software prior to 1.0(3h) and 1.1 prior to 1.1(1j) and Nexus 9000 ACI Mode switches with software prior to 11.0(3h) and 11.1 prior to 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

Vulnerable Product

samsung x14j firmware t-ms14jakucb-1102.5

sun opensolaris snv 124

zyxel gs1900-10hp firmware

zzinc keymouse firmware 3.08

cisco nx-os base

Vendor Advisories

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC processing code. An authenticated user could explo ...