Lucene search

CiscoCVE-2017-12262

HistoryNov 02, 2017 - 4:29 p.m.

CVE-2017-12262

2017-11-0216:29:00

CWE-665

CWE-284

cisco

web.nvd.nist.gov

cisco

apic-em

firewall

configuration

vulnerability

cve-2017-12262

nvd

cisco bug ids

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638.

Affected configurations

Nvd

Node

ciscoapplication_policy_infrastructure_controller_enterprise_moduleRange<1.5

VendorProductVersionCPE
ciscoapplication_policy_infrastructure_controller_enterprise_module*cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	application_policy_infrastructure_controller_enterprise_module	*	cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module::::::::

CNA Affected

[
  {
    "product": "Cisco Application Policy Infrastructure Controller Enterprise Module",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Application Policy Infrastructure Controller Enterprise Module"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101647

www.securitytracker.com/id/1039716

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVE-2017-12262