CVE-2016-1365

Name of the Vulnerable Software and Affected Versions Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.0

Description The issue concerns the Grapevine update process, which allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter.

Recommendations For Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) version 1.0, consider restricting access to the upgrade parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.