
Test ID: 1.3.6.1.4.1.25623.1.0.105547
Category: CISCO
Title: Cisco NX-OS Application Policy Infrastructure Controller Access Control Vulnerability (cisco-sa-20160203-apic)
Summary: A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.
Description:
Summary:
A vulnerability in the role-based access control (RBAC) of the
Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote
user to make configuration changes outside of their configured access privileges.

Vulnerability Insight:
The vulnerability is due to eligibility logic in the RBAC
processing code. An authenticated user could exploit this vulnerability by sending specially
crafted representational state transfer (REST) requests to the APIC.

Vulnerability Impact:
An exploit could allow the authenticated user to make
configuration changes to the APIC beyond the configured privilege for their role.

Solution:
See the referenced vendor advisory for a solution.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-1302
Cisco Security Advisory: 20160203 Cisco Application Policy Infrastructure Controller Access Control Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
http://www.securitytracker.com/id/1034925
Copyright: Copyright (C) 2016 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.