Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2b1lMAl
A vulnerability in the Grapevine update process of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with the privileges of the root user.The vulnerability is due to insufficient input sanitization during the Grapevine update process. An attacker could exploit this vulnerability by authenticating to the affected system with administrative privileges and inserting arbitrary commands into an upgrade parameter. An exploit could allow the attacker to execute arbitrary commands on the affected system with root-level privileges.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link: http://ift.tt/2b1lMAl
Security Impact Rating: High
CVE: CVE-2016-1365
from Cisco Security Advisory http://ift.tt/2b1lMAl