CVE-2017-6768
Vulnerability from cvelistv5
Published
2017-08-17 20:00
Modified
2024-09-17 01:41
Severity ?
Summary
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/100363Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1039179Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100363Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039179Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2Vendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:41:17.110Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "100363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100363"
          },
          {
            "name": "1039179",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039179"
          },
          {
            "name": "20170816 Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Application Policy Infrastructure Controller (APIC)",
          "vendor": "Cisco Systems, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "1.1(0.920a), 1.1(1j), 1.1(3f)"
            },
            {
              "status": "affected",
              "version": "1.2 Base, 1.2(2), 1.2(3), 1.2.2"
            },
            {
              "status": "affected",
              "version": "1.3(1), 1.3(2), 1.3(2f)"
            },
            {
              "status": "affected",
              "version": "2.0 Base, 2.0(1)"
            }
          ]
        }
      ],
      "datePublic": "2017-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-18T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "100363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100363"
        },
        {
          "name": "1039179",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039179"
        },
        {
          "name": "20170816 Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2017-08-16T00:00:00",
          "ID": "CVE-2017-6768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Application Policy Infrastructure Controller (APIC)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.1(0.920a), 1.1(1j), 1.1(3f)"
                          },
                          {
                            "version_value": "1.2 Base, 1.2(2), 1.2(3), 1.2.2"
                          },
                          {
                            "version_value": "1.3(1), 1.3(2), 1.3(2f)"
                          },
                          {
                            "version_value": "2.0 Base, 2.0(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco Systems, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "100363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100363"
            },
            {
              "name": "1039179",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039179"
            },
            {
              "name": "20170816 Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6768",
    "datePublished": "2017-08-17T20:00:00Z",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-09-17T01:41:54.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\\\(0.920a\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEB53938-6806-4B04-B7FF-26E33CE6DEDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\\\(1j\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFF54ABE-3471-4FC5-A1C3-80FF87DDF974\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\\\(3f\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11FB6E8-A139-40F7-A771-389BA5206AEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"633D2528-7FC4-448C-AEF4-5849B172CE11\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2585A246-7C8F-4755-9DB9-E9A668901B7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DDB99045-1F1E-47E4-927F-D5BFE604A600\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2DC0E10-92EE-4333-BD79-97A67F1391B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"789A655E-4670-421D-98EA-B80F4EF35191\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCB2662B-7AD7-486D-B492-3ED74723A88D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\\\(2f\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEF694D0-E231-454D-B7EB-BBBDE205C836\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\\\(1\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05098742-7099-424F-8490-300508F0459F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0_base:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FDD546D-F662-41D4-B67C-4FBF919C7DE0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el procedimiento de construcci\\u00f3n para ciertos archivos del sistema ejecutables instalados en el tiempo de arranque en dispositivos Cisco Application Policy Infrastructure Controller (APIC) podr\\u00eda permitir que un atacante local autenticado obtuviese privilegios de nivel root. Esta vulnerabilidad se debe a un archivo del sistema ejecutable personalizado que ha sido construido para usar rutas de b\\u00fasqueda relativas para librer\\u00edas sin validar correctamente la librer\\u00eda que se va a cargar. Un atacante podr\\u00eda explotar esta vulnerabilidad autentic\\u00e1ndose en el dispositivo y cargando una librer\\u00eda maliciosa que puede escalar el nivel de privilegios. Un exploit exitoso podr\\u00eda permitir que el atacante obtenga privilegios de nivel root y obtenga el control total del dispositivo. El atacante debe tener credenciales de usuario v\\u00e1lidas para poder iniciar sesi\\u00f3n en el dispositivo. Cisco Bug IDs: CSCvc96087. Versiones afectadas conocidas: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).\"}]",
      "id": "CVE-2017-6768",
      "lastModified": "2024-11-21T03:30:28.883",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-17T20:29:00.433",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/100363\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039179\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100363\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039179\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-426\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6768\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2017-08-17T20:29:00.433\",\"lastModified\":\"2024-11-21T03:30:28.883\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system file that was built to use relative search paths for libraries without properly validating the library to be loaded. An attacker could exploit this vulnerability by authenticating to the device and loading a malicious library that can escalate the privilege level. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. The attacker must have valid user credentials to log in to the device. Cisco Bug IDs: CSCvc96087. Known Affected Releases: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el procedimiento de construcci\u00f3n para ciertos archivos del sistema ejecutables instalados en el tiempo de arranque en dispositivos Cisco Application Policy Infrastructure Controller (APIC) podr\u00eda permitir que un atacante local autenticado obtuviese privilegios de nivel root. Esta vulnerabilidad se debe a un archivo del sistema ejecutable personalizado que ha sido construido para usar rutas de b\u00fasqueda relativas para librer\u00edas sin validar correctamente la librer\u00eda que se va a cargar. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo y cargando una librer\u00eda maliciosa que puede escalar el nivel de privilegios. Un exploit exitoso podr\u00eda permitir que el atacante obtenga privilegios de nivel root y obtenga el control total del dispositivo. El atacante debe tener credenciales de usuario v\u00e1lidas para poder iniciar sesi\u00f3n en el dispositivo. Cisco Bug IDs: CSCvc96087. Versiones afectadas conocidas: 1.1(0.920a), 1.1(1j), 1.1(3f); 1.2 Base, 1.2(2), 1.2(3), 1.2.2; 1.3(1), 1.3(2), 1.3(2f); 2.0 Base, 2.0(1).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\\\(0.920a\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEB53938-6806-4B04-B7FF-26E33CE6DEDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\\\(1j\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFF54ABE-3471-4FC5-A1C3-80FF87DDF974\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.1\\\\(3f\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11FB6E8-A139-40F7-A771-389BA5206AEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"633D2528-7FC4-448C-AEF4-5849B172CE11\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2585A246-7C8F-4755-9DB9-E9A668901B7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDB99045-1F1E-47E4-927F-D5BFE604A600\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.2_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DC0E10-92EE-4333-BD79-97A67F1391B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"789A655E-4670-421D-98EA-B80F4EF35191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCB2662B-7AD7-486D-B492-3ED74723A88D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:1.3\\\\(2f\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEF694D0-E231-454D-B7EB-BBBDE205C836\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0\\\\(1\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05098742-7099-424F-8490-300508F0459F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:application_policy_infrastructure_controller:2.0_base:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FDD546D-F662-41D4-B67C-4FBF919C7DE0\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100363\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039179\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100363\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039179\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-apic2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.