CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
5.1%
A vulnerability in SSH key handling for user accounts in Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to elevate privileges.
The vulnerability is due to improper validation of SSH keys local users add their accounts. An attacker could exploit this vulnerability by authenticating to the device and adding an SSH key to the attacker’s local account. An exploit could allow the attacker to elevate privileges on the local shell and perform unauthorized actions.
Software updates are not available.
Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | application_policy_infrastructure_controller_\(apic\) | any | cpe:2.3:o:cisco:application_policy_infrastructure_controller_\(apic\):any:*:*:*:*:*:*:* |