Cisco: >> Application Policy Infrastructure Controller Security Vulnerabilities
A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches for Application Centric Infrastructure (ACI) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability affects Cisco Nexus 9000 Series Leaf Switches (TOR) - ACI Mode and Cisco Application Policy Infrastructure Controller (APIC). More Information: CSCuy93241. Known Affected Releases: 11.2(2x) 11.2(3x) 11.3(1x) 11.3(2x) 12.0(1x). Known Fixed Releases: 11.2(2i) 11.2(2j) 11.2(3f) 11.2(3g) 11.2(3h) 11.2(3l) 11.3(0.236) 11.3(1j) 11.3(2i) 11.3(2j) 12.0(1r).
CVSS Score
6.5
EPSS Score
0.004
Published
2016-11-19
The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496.
CVSS Score
7.8
EPSS Score
0.001
Published
2016-09-24
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
CVSS Score
7.2
EPSS Score
0.001
Published
2015-12-18
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
CVSS Score
4.6
EPSS Score
0.001
Published
2015-10-16
Page 4