← Back

CVE-2015-4235

nvd nist
Published: Jul 24, 2015Modified: May 6, 2026

JSON object

Loading...
9.0
Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
Exploitability: 8.0 / Impact: 10.0
Source: NVD

Description

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991.

Affected (12)

Cisco
2 products
Application Policy Infrastructure Controller (apic)
Nx Os
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Application Policy Infrastructure Controller (apic)
Version 1.0(1e)
Cisco
Nx Os
Version 11.0(1b)
Nx Os
Version 11.0(1c)
Nx Os
Version 11.0(1d)
Nx Os
Version 11.0(1e)
Nx Os
Version 11.0(2j)
Nx Os
Version 11.0(2m)
Nx Os
Version 11.0(3f)
Nx Os
Version 11.0(3i)
Nx Os
Version 11.0(3k)
Nx Os
Version 11.0(3n)
Nx Os
Version 11.0(4h)

Related CWEs

CWE-264
CWE-264

References (4)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.