CVE-2019-1682

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller (affected versions not specified)

Description The issue is related to insufficient access control in the FUSE filesystem functionality, which could allow an authenticated, local attacker to escalate privileges to root on an affected device. This is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file, causing the underlying FUSE driver to execute crafted commands and elevate the attacker's privileges to root.

Recommendations As a temporary workaround, consider restricting access to the FUSE filesystem functionality until a patch is available. Restrict write permissions for files within readable folders on the device to minimize the risk of exploitation. Avoid using the affected CLI commands until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.