PT-2017-17305 · Cisco · Apic

Published: 2017-08-17 · Updated: 2019-10-03 · CVE-2017-6767

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Application Policy Infrastructure Controller (APIC) versions 1.0(1e) through 1.0(4o)
Cisco Application Policy Infrastructure Controller (APIC) versions 1.1(0.920a) through 1.1(3f)
Cisco Application Policy Infrastructure Controller (APIC) versions 1.2 Base through 1.2.2
Cisco Application Policy Infrastructure Controller (APIC) versions 1.3(1) through 1.3(2f)
Cisco Application Policy Infrastructure Controller (APIC) versions 2.0 Base through 2.0(1)

Description

A limitation in Role-Based Access Control (RBAC) grants privileges to remotely authenticated users when login occurs via SSH directly to the local management interface of the APIC, allowing an authenticated, remote attacker to gain higher privileges than the account is assigned. The attacker will be granted the privileges of the last user to log in, regardless of whether those privileges are higher or lower than what should have been granted. However, the attacker cannot gain root-level privileges. An attacker could exploit this by authenticating to the targeted device, resulting in the attacker's privilege level being modified to match that of the last user to log in via SSH. This could allow the attacker to gain elevated privileges and perform CLI commands that should be restricted by the attacker's configured role.

Recommendations

For versions 1.0(1e) through 1.0(4o), update to a fixed version to resolve the issue.
For versions 1.1(0.920a) through 1.1(3f), update to a fixed version to resolve the issue.
For versions 1.2 Base through 1.2.2, update to a fixed version to resolve the issue.
For versions 1.3(1) through 1.3(2f), update to a fixed version to resolve the issue.
For versions 2.0 Base through 2.0(1), update to a fixed version to resolve the issue.

As a temporary workaround, consider restricting SSH access to the local management interface of the APIC to minimize the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2017-6767

Affected Products

Apic