All the vulnerabilites related to cisco - application_policy_infrastructure_controller_\(apic\)
Vulnerability from fkie_nvd
Published
2015-07-24 14:59
Modified
2024-11-21 02:30
Severity ?
Summary
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | application_policy_infrastructure_controller_\(apic\) | 1.0\(1e\) | |
| cisco | nx-os | 11.0\(1b\) | |
| cisco | nx-os | 11.0\(1c\) | |
| cisco | nx-os | 11.0\(1d\) | |
| cisco | nx-os | 11.0\(1e\) | |
| cisco | nx-os | 11.0\(2j\) | |
| cisco | nx-os | 11.0\(2m\) | |
| cisco | nx-os | 11.0\(3f\) | |
| cisco | nx-os | 11.0\(3i\) | |
| cisco | nx-os | 11.0\(3k\) | |
| cisco | nx-os | 11.0\(3n\) | |
| cisco | nx-os | 11.0\(4h\) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:application_policy_infrastructure_controller_\\(apic\\):1.0\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "59595A27-AAA7-4659-BAE7-8A0FE8613CB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(1b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "C64CC640-B37D-4064-8946-B8CCCDE1A6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(1c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E8983275-20C6-487E-A265-3836F06AB226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "CBCA0A4F-D475-405C-B9A7-EBB0A816B9C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DA0E0039-23E1-425B-8B2C-DFE2C185CC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(2j\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9C3FB2AC-934D-4F12-9E9B-EA5F0731DA4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(2m\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BACE91F5-EC9B-4486-80F1-CFC3DA570B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(3f\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2C60E5B9-10AB-4A69-B28D-0D526756E6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(3i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "979FEE23-2C28-4212-9DA5-10A0EAFE1668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(3k\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9B610400-181F-4621-B27B-18C2609990DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(3n\\):*:*:*:*:*:*:*",
"matchCriteriaId": "4585B70C-E162-42FA-9CB8-42C1F34017AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:nx-os:11.0\\(4h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "788E6471-F000-45A7-9829-71F7AE5ED1B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991."
},
{
"lang": "es",
"value": "Vulnerabilidad en dispositivos Cisco Application Policy Infrastructure Controller (APIC) con software en sus versiones anteriores a la 1.0(3o) y 1.1 anteriores a la 1.1(1j) y dispositivos Nexus 9000 ACI con software en sus versiones anteriores a la 11.0(4o) y 11.1 anteriores a la 11.1(1j), no restringen adecuadamente el acceso al sistema de archivos APIC lo cual permite a usuarios remotos autenticados obtener privilegios de root a trav\u00e9s del uso no especificado de la configuraci\u00f3n de la funcionalidad cluster-management en el APIC, tambi\u00e9n conocido como Bug ID CSCuu72094 y CSCuv11991."
}
],
"id": "CVE-2015-4235",
"lastModified": "2024-11-21T02:30:41.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-07-24T14:59:00.073",
"references": [
{
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic"
},
{
"source": "ykramarz@cisco.com",
"url": "http://www.securitytracker.com/id/1033025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033025"
}
],
"sourceIdentifier": "ykramarz@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2015-4235
Vulnerability from cvelistv5
Published
2015-07-24 14:00
Modified
2024-08-06 06:11
Severity ?
EPSS score ?
Summary
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.
References
| ▼ | URL | Tags |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic | vendor-advisory, x_refsource_CISCO | |
| http://www.securitytracker.com/id/1033025 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:11:11.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20150722 Cisco Application Policy Infrastructure Controller Access Control Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic"
},
{
"name": "1033025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-20T09:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20150722 Cisco Application Policy Infrastructure Controller Access Control Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic"
},
{
"name": "1033025",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150722 Cisco Application Policy Infrastructure Controller Access Control Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150722-apic"
},
{
"name": "1033025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-4235",
"datePublished": "2015-07-24T14:00:00",
"dateReserved": "2015-06-04T00:00:00",
"dateUpdated": "2024-08-06T06:11:11.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}