Privilege Escalation in Cisco Application Policy Infrastructure Controller
CVE-2017-6768

7.8HIGH

Key Information:

Vendor
Cisco
Status
Application Policy Infrastructure Controller (apic)
Vendor
CVE Published:
17 August 2017

Summary

A privilege escalation vulnerability exists in the Cisco Application Policy Infrastructure Controller (APIC) devices due to improperly validated library paths in certain executable system files. An authenticated local attacker can exploit this by loading a malicious library after authenticating on the device, allowing them to escalate their privileges to root level. This could enable full control over the device. Affected versions include specific releases in the 1.1, 1.2, 1.3, and 2.0 series, leading to potential severe compromise if exploited.

Affected Version(s)

Application Policy Infrastructure Controller (APIC) 1.1(0.920a), 1.1(1j), 1.1(3f)

Application Policy Infrastructure Controller (APIC) 1.2 Base, 1.2(2), 1.2(3), 1.2.2

Application Policy Infrastructure Controller (APIC) 1.3(1), 1.3(2), 1.3(2f)

References

http://www.securityfocus.com/bid/100363
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1039179
vdb-entryx_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecu...
vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.