A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote malicious user to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the malicious user to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco application policy infrastructure controller enterprise module 1.0.10 |