CVE-2015-4225

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller (APIC) versions 1.0(1.110a) through 1.0(1e)

Description The issue is related to improper implementation of Role-Based Access Control (RBAC) health scoring, allowing remote authenticated users to obtain sensitive information. The vulnerability is also associated with insufficient access restrictions to certain functions in the NX-OS network operating system, which can be exploited by a remote authenticated attacker to access protected information.

Recommendations For Cisco Application Policy Infrastructure Controller (APIC) versions 1.0(1.110a) through 1.0(1e), consider restricting access to sensitive information and functions until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.