Elevated Privileges Vulnerability in Cisco Application Policy Infrastructure Controllers
CVE-2017-12352

6.7 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 30 November 2017

Summary

A vulnerability exists in specific system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers. It allows an authenticated, local attacker to escalate privileges and execute arbitrary commands with root-level access on the affected host operating system. The vulnerability stems from inadequate validation of user-controlled input supplied to these script files. To exploit it, an attacker must authenticate with valid administrator credentials and supply specially crafted input to the scripts. Successful exploitation lets the attacker manipulate system functionality and potentially compromise critical system components.

Affected Version(s)

Cisco Application Policy Infrastructure Controller

CVSS V3.1

Score: 6.7
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability reserved
