CVE-2016-1302

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3h) and prior to 1.1(1j) Nexus 9000 ACI Mode switches versions prior to 11.0(3h) and prior to 11.1(1j)

Description The issue is related to inadequate access control in the network operating system and the Application Policy Infrastructure Controller, allowing remote authenticated users to bypass intended Role-Based Access Control (RBAC) restrictions via crafted REST requests.

Recommendations For Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.0(3h), update to version 1.0(3h) or later. For Cisco Application Policy Infrastructure Controller (APIC) versions prior to 1.1(1j), update to version 1.1(1j) or later. For Nexus 9000 ACI Mode switches versions prior to 11.0(3h), update to version 11.0(3h) or later. For Nexus 9000 ACI Mode switches versions prior to 11.1(1j), update to version 11.1(1j) or later. As a temporary workaround, consider restricting access to REST endpoints to minimize the risk of exploitation.