CVE-2016-1302
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD
Description
Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
Affected (5)
Show all products
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version t-ms14jakucb-1102.5 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version base | |
| Version snv_124 | |
| Before 2.50\(aazi.0\)c0 | |
| Version 3.08 |
| Running on/with | Platform Versions |
|---|---|
Cisco Nexus 92160yc X | All versions |
Cisco Nexus 92304qc | All versions |
Cisco Nexus 9236c | All versions |
Cisco Nexus 9272q | All versions |
Cisco Nexus 93108tc Ex | All versions |
Cisco Nexus 93120tx | All versions |
Cisco Nexus 93128tx | All versions |
Cisco Nexus 93180yc Ex | All versions |
Cisco Nexus 9332pq | All versions |
Cisco Nexus 9336pq Aci Spine | All versions |
Cisco Nexus 9372px | All versions |
Cisco Nexus 9372tx | All versions |
Cisco Nexus 9396px | All versions |
Cisco Nexus 9396tx | All versions |
Cisco Nexus 9504 | All versions |
Cisco Nexus 9508 | All versions |
Cisco Nexus 9516 | All versions |
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.