CVE-2016-1365

Published: Aug 18, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.

Affected (1)

Products: Cisco: Application Policy Infrastructure Controller Enterprise Module

Cisco

1 product

Application Policy Infrastructure Controller Enterprise Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Application Policy Infrastructure Controller Enterprise Module	Version 1.0.10

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/92507

Source: psirt@cisco.com

http://www.securitytracker.com/id/1036634

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92507

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036634

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.