CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
52.4%
A vulnerability in the cluster management configuration of the Cisco Application Policy Infrastructure Controller (APIC) and the Cisco Nexus 9000 Series ACI Mode Switch could allow an authenticated, remote attacker to access the APIC as the root user.
The vulnerability is due to improper implementation of access controls in the APIC filesystem. An attacker could exploit this vulnerability by accessing the cluster management configuration of the APIC. An exploit could allow the attacker to gain access to the APIC as the root user and perform root-level commands.
Cisco has released software updates that address this vulnerability.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | nx_os | any | cpe:2.3:o:cisco:nx_os:any:*:*:*:*:*:*:* |
cisco | application_policy_infrastructure_controller_\(apic\) | any | cpe:2.3:o:cisco:application_policy_infrastructure_controller_\(apic\):any:*:*:*:*:*:*:* |