Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability

cisco-sa-20160817-apic · High · Published · Updated

A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user. The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2016-1365
Cisco Bug IDsCSCux15507
CVSS ScoreBase 8.5
Base 8.5 AV:N/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM)

Related Products

Product CVE Evidence
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) CVE-2016-1365 Cisco OpenVuln