{"schema_version":"public-product-v1.1","generated_at":"2026-06-10T08:51:20Z","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","advisory":{"id":"cisco-sa-20151216-apic","slug":"cisco-sa-20151216-apic","vendor":"Cisco","title":"Cisco Application Policy Infrastructure Controller Insecure Credentials Vulnerability","summary":"A vulnerability in the boot process of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to access the APIC as the root user. The vulnerability is due to improper implementation of access controls in the APIC system. An attacker could exploit this vulnerability by accessing the boot manager of the APIC. An exploit could allow the attacker to access the APIC as the root user and perform root-level commands in single-user mode. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic","severity":"Medium","published_at":"2015-12-16T23:50:00Z","updated_at":"2015-12-16T23:50:00Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic","csaf_url":"https://sec.cloudapps.cisco.com/security/center/contentjson/CiscoSecurityAdvisory/cisco-sa-20151216-apic/csaf/cisco-sa-20151216-apic.json","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure."},"freshness":{"last_source_refreshed_at":"2026-05-26T00:00:03Z","latest_source_refresh_at":"2026-05-26T00:00:03Z","oldest_source_refresh_at":"2026-05-22T00:16:33Z","all_sources_fresh":false,"sources":[{"source":"cisco_advisories","label":"Cisco advisories","last_success_at":"2026-05-26T00:00:03Z","stale":true},{"source":"cisco_csaf","label":"Cisco CSAF","last_success_at":"2026-05-25T03:03:26Z","stale":true},{"source":"nvd_cves","label":"NVD CVEs","last_success_at":"2026-05-22T00:16:33Z","stale":true},{"source":"cisa_kev","label":"CISA KEV","last_success_at":"2026-05-22T00:16:34Z","stale":true},{"source":"first_epss","label":"EPSS","last_success_at":"2026-05-22T00:16:40Z","stale":true}]},"summary":{"cve_count":1,"visible_product_count":1,"public_evidence_count":1,"kev_count":0,"highest_epss":0.00091,"highest_cvss":7.2},"cves":[{"id":"CVE-2015-6424","description":"The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.","severity":"HIGH","kev":false,"epss":{"score":0.00091,"percentile":0.25456,"score_date":"2026-05-21","updated_at":"2026-05-22T00:16:38Z"},"cvss_score":7.2,"cvss_source":"NVD","cwe":"CWE-255","published_at":"2015-12-18T11:59:00Z","modified_at":"2026-05-06T22:30:45Z"}],"public_evidence":[{"product":{"name":"Cisco Application Policy Infrastructure Controller (APIC)","slug":"cisco-application-policy-infrastructure-controller-apic","vendor":"Cisco"},"cve":{"id":"CVE-2015-6424"},"evidence_type":"structured_affected","evidence_label":{"scope":"CSAF product evidence","label":"product_status known affected"},"evidence_source":"Cisco CSAF","source":"Cisco CSAF","source_document_fetched_at":"2026-05-19T19:54:55Z","csaf_status":"known_affected","csaf_product_status":"known_affected","csaf_product_status_path":"vulnerabilities[].product_status.known_affected","raw_product_name":"Cisco Application Policy Infrastructure Controller (APIC)","exposure_verdict":"not_assessed","verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","exposure_verdict_reason":"Public evidence does not evaluate exact release, platform, enabled features, configuration, compensating controls, or live exposure.","kev":false,"epss":{"score":0.00091,"score_date":"2026-05-21","updated_at":"2026-05-22T00:16:38Z"},"cvss_score":7.2,"cvss_source":"NVD","published_at":"2015-12-16T23:50:00Z","updated_at":"2015-12-16T23:50:00Z","advisory_updated_at":"2015-12-16T23:50:00Z","source_url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic","row_display_order":1}]}