Cisco Security Advisory 20160203-apic

Posted Feb 4, 2016
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges. The vulnerability is due to eligibility logic in the RBAC processing code. An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role. Cisco has released software updates that address this vulnerability.

tags | advisory, remote
systems | cisco
SHA-256 | 2a0cb1732895f0f458645023d43a90cb57c506d514b40bc50b237d1778216fe3

Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Access Control Vulnerability

Advisory ID: cisco-sa-20160203-apic

Revision: 1.0

For Public Release 2016 February 03 16:00 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.

The vulnerability is due to eligibility logic in the RBAC processing code. An authenticated user could exploit this vulnerability by sending specially crafted representational state transfer (REST) requests to the APIC. An exploit could allow the authenticated user to make configuration changes to the APIC beyond the configured privilege for their role.

Cisco has released software updates that address this vulnerability.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
