CVE-2016-1420

Properties

Published:
08.06.2016
Updated:
10.06.2016
Patch available:
Severity:
High
CVSS vector:
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Product:
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware
cisco: application_policy_infrastructure_controller_firmware

Vulnerability description

The installation component on Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCuz72347.

References:

CISCO:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-apic