Spoofing Vulnerability in Cisco Application Policy Infrastructure Controller
CVE-2016-1386

7.5HIGH

Key Information:

Vendor: Cisco
Status: Application Policy Infrastructure Controller Enterprise Module
Vendor: CVE Published:; 28 April 2016

What is CVE-2016-1386?

A vulnerability exists in the API of Cisco's Application Policy Infrastructure Controller (APIC-EM) version 1.0(1), which allows remote attackers to impersonate administrative notifications. This is achieved through the use of specially crafted attribute-value pairs, potentially leading to unauthorized access or information disclosure, as identified in Bug ID CSCux15521. Organizations using this product should review the associated security advisory to implement necessary mitigating steps.

References

http://www.securitytracker.com/id/1035702

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2016
Vulnerability Reserved
Jan 4, 2016