CVE-2015-4235

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3o) and 1.1 prior to 1.1(1j) Nexus 9000 ACI devices versions prior to 11.0(4o) and 11.1 prior to 11.1(1j)

Description The issue is related to insufficient access restrictions to certain features in the NX-OS network operating system. This can be exploited by a remote attacker who has passed the authentication procedure to gain root user privileges due to errors in assigning permissions to objects in the APIC file system.

Recommendations For Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3o) and 1.1 prior to 1.1(1j), update to version 1.0(3o) or 1.1(1j) or later. For Nexus 9000 ACI devices versions prior to 11.0(4o) and 11.1 prior to 11.1(1j), update to version 11.0(4o) or 11.1(1j) or later.