CISCO : Cisco Application Policy Infrastructure Controller Access Bypass Vulnerability

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.809051

Category: CISCO

Title: Cisco Application Policy Infrastructure Controller Access Bypass Vulnerability

Summary: Cisco Application Policy Infrastructure Controller is prone to an access bypass vulnerability.

Description: Summary:
Cisco Application Policy Infrastructure Controller is prone to an access bypass vulnerability.

Vulnerability Insight:
The flaw is due to an improper
implementation of access controls in the APIC system and an attacker could
exploit this vulnerability by accessing the boot manager of the APIC.

Vulnerability Impact:
Successful exploitation allows an
unauthenticated, local attacker to access the APIC as the root user and
perform root-level commands in single-user mode.

Affected Software/OS:
Cisco Application Policy Infrastructure
Controller running software version 1.1(0.920a)

Solution:
Upgrade to Cisco Application Policy
Infrastructure Controller software version as mentioned in vendor link.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-6424
BugTraq ID: 79410
http://www.securityfocus.com/bid/79410
Cisco Security Advisory: 20151216 Cisco Application Policy Infrastructure Controller Insecure Credentials Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic
http://www.securitytracker.com/id/1034468

Copyright Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.809051
Category:	CISCO
Title:	Cisco Application Policy Infrastructure Controller Access Bypass Vulnerability
Summary:	Cisco Application Policy Infrastructure Controller is prone to an access bypass vulnerability.
Description:	Summary: Cisco Application Policy Infrastructure Controller is prone to an access bypass vulnerability. Vulnerability Insight: The flaw is due to an improper implementation of access controls in the APIC system and an attacker could exploit this vulnerability by accessing the boot manager of the APIC. Vulnerability Impact: Successful exploitation allows an unauthenticated, local attacker to access the APIC as the root user and perform root-level commands in single-user mode. Affected Software/OS: Cisco Application Policy Infrastructure Controller running software version 1.1(0.920a) Solution: Upgrade to Cisco Application Policy Infrastructure Controller software version as mentioned in vendor link. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-6424 BugTraq ID: 79410 http://www.securityfocus.com/bid/79410 Cisco Security Advisory: 20151216 Cisco Application Policy Infrastructure Controller Insecure Credentials Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151216-apic http://www.securitytracker.com/id/1034468
Copyright	Copyright (C) 2016 Greenbone AG