ID CVE-2016-1420
Summary The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.
References
Vulnerable Configurations
  • cpe:2.3:h:cisco:application_infrastructure_controller:-:*:*:*:*:*:*:*
    cpe:2.3:h:cisco:application_infrastructure_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1e\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1e\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1h\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1h\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1k\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1k\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1n\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1n\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2j\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2j\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2m\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2m\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3f\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3f\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3i\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3i\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3k\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3k\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3n\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3n\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(4h\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(4h\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(4o\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(4o\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\(0.920a\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\(0.920a\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\(1j\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\(1j\):*:*:*:*:*:*:*
  • cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\(3f\):*:*:*:*:*:*:*
    cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.1\(3f\):*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 10-06-2016 - 21:31)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
cisco 20160609 Cisco Application Policy Infrastructure Controller Binary Files Privilege Escalation Vulnerability
Last major update 10-06-2016 - 21:31
Published 10-06-2016 - 01:59
Last modified 10-06-2016 - 21:31
Back to Top