Cisco Application Policy Infrastructure Controller Unauthorized Access Vulnerability

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (Cisco APIC) could allow an authenticated, remote attacker to have read access to certain information stored in the affected system.

The vulnerability is due to improper handling of RBAC for health scoring. An attacker could exploit this vulnerability to gain access to information on the affected system.

Cisco has confirmed the vulnerability and released software updates.

To exploit this vulnerability, an attacker must authenticate to the targeted system. This access requirement reduces the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.