PT-2015-2239 · Cisco · Nx-Os+2
Publicado
2015-07-24
·
Atualizado
2017-09-21
·
CVE-2015-4235
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3o) and 1.1 prior to 1.1(1j)
Nexus 9000 ACI devices versions prior to 11.0(4o) and 11.1 prior to 11.1(1j)
Description
The issue is related to insufficient access restrictions to certain features in the NX-OS network operating system. This can be exploited by a remote attacker who has passed the authentication procedure to gain root user privileges due to errors in assigning permissions to objects in the APIC file system.
Recommendations
For Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3o) and 1.1 prior to 1.1(1j), update to version 1.0(3o) or 1.1(1j) or later.
For Nexus 9000 ACI devices versions prior to 11.0(4o) and 11.1 prior to 11.1(1j), update to version 11.0(4o) or 11.1(1j) or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Application Policy Infrastructure Controller
Nx-Os
Nexus 9000 Aci