Access Control Bypass in Cisco APIC Devices and Nexus 9000 Switches
CVE-2016-1302

8.8HIGH

Key Information:

Vendor

Samsung
Status
X14j Firmware
Opensolaris
Gs1900-10HP Firmware
Keymouse Firmware
Vendor
CVE Published:
7 February 2016

What is CVE-2016-1302?

Cisco Application Policy Infrastructure Controller (APIC) devices and Nexus 9000 ACI Mode switches are susceptible to an access control vulnerability that allows remote authenticated users to bypass intended Role-Based Access Control (RBAC) restrictions. This can be exploited through crafted REST requests, potentially leading to unauthorized access to sensitive resources and functionality. Users running versions prior to 1.0(3h) and 1.1(1j) for APIC, as well as those with Nexus 9000 devices on software versions before 11.0(3h) and 11.1(1j), are at risk. It is crucial for users to update their systems to mitigate this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1034925
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.