Vulnslist

Cisco Application Policy Infrastructure Controller Access Control Vulnerability

cisco-sa-20150722-apic · High · Published · Updated

A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user.

The vulnerability is due to improper implementation of access controls in the APIC filesystem. An attacker could exploit this vulnerability by accessing the cluster management configuration of the APIC. An exploit could allow the attacker to gain access to the APIC as the root user and perform root-level commands.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic

Workarounds

There are currently no known workarounds for this vulnerability.

CVEs: CVE-2015-4235
Cisco Bug IDs: CSCuu72094, CSCuv11991
CVSS Score: Base 8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Product Names From Source: Cisco NX-OS Software, Cisco Application Policy Infrastructure Controller (APIC)
