Lucene search

CiscoCVE-2016-1420

HistoryJun 10, 2016 - 1:59 a.m.

CVE-2016-1420

2016-06-1001:59:05

cisco

web.nvd.nist.gov

cisco

apic

installation component

binary files

root access

cve-2016-1420

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

Affected configurations

Nvd

Node

ciscoapplication_infrastructure_controllerMatch-

AND

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(1e\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(1h\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(1k\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(1n\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(2j\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(2m\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(3f\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(3i\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(3k\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(3n\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(4h\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.0\(4o\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.1\(0.920a\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.1\(1j\)

ciscoapplication_policy_infrastructure_controller_firmwareMatch1.1\(3f\)

VendorProductVersionCPE
ciscoapplication_infrastructure_controller-cpe:2.3:h:cisco:application_infrastructure_controller:-:*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(1e)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1e\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(1h)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1h\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(1k)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1k\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(1n)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1n\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(2j)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2j\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(2m)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2m\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(3f)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3f\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(3i)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3i\):*:*:*:*:*:*:*
ciscoapplication_policy_infrastructure_controller_firmware1.0(3k)cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3k\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	application_infrastructure_controller	-	cpe:2.3:h:cisco:application_infrastructure_controller:-:::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(1e)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1e\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(1h)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1h\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(1k)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1k\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(1n)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(1n\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(2j)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2j\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(2m)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(2m\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(3f)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3f\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(3i)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3i\):::::::*
cisco	application_policy_infrastructure_controller_firmware	1.0(3k)	cpe:2.3:o:cisco:application_policy_infrastructure_controller_firmware:1.0\(3k\):::::::*

Rows per page:

1-10 of 161

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2016-1420