CVE-2017-12262

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller Enterprise Module versions prior to 1.5

Description A misconfiguration in the firewall configuration could allow an unauthenticated, adjacent attacker to gain privileged access to services on the internal network of the device. This is due to an incorrect firewall rule that could forward traffic from the public interface to the internal virtual network. An attacker logically adjacent to the network could leverage this to gain access to internal services with elevated privileges.

Recommendations For versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the public interface of the affected device to minimize the risk of exploitation.