PT-2016-1475 · Cisco · Nexus 9000 Aci Mode Switches+1
Publicado
2016-02-07
·
Atualizado
2016-12-06
·
CVE-2016-1302
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3h) and prior to 1.1(1j)
Nexus 9000 ACI Mode switches versions prior to 11.0(3h) and prior to 11.1(1j)
Description
The issue is related to inadequate access control in the network operating system and the Application Policy Infrastructure Controller, allowing remote authenticated users to bypass intended Role-Based Access Control (RBAC) restrictions via crafted REST requests.
Recommendations
For Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3h), update to version 1.0(3h) or later.
For Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.1(1j), update to version 1.1(1j) or later.
For Nexus 9000 ACI Mode switches versions prior to 11.0(3h), update to version 11.0(3h) or later.
For Nexus 9000 ACI Mode switches versions prior to 11.1(1j), update to version 11.1(1j) or later.
As a temporary workaround, consider restricting access to REST endpoints to minimize the risk of exploitation.
Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Application Policy Infrastructure Controller
Nexus 9000 Aci Mode Switches