CVE-2016-1302
Summary
| CVE | CVE-2016-1302 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-02-07 11:59:00 UTC |
| Updated | 2016-12-06 03:06:00 UTC |
| Description | Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998. |
Risk And Classification
Problem Types: CWE-284
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(1e\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(1h\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(1k\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(1n\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(2j\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(2m\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\(3f\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1e\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1h\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1k\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1n\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(2j\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(2m\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(3f\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.1\(0.920a\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.1\\\(0.920a\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1e\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1h\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1k\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(1n\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(2j\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(2m\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.0\\\(3f\\\) | All | All | All |
| Application | Cisco | Application Policy Infrastructure Controller | 1.1\\\(0.920a\\\) | All | All | All |
| Hardware | Cisco | Nexus 92160yc-x | - | All | All | All |
| Hardware | Cisco | Nexus 92160yc-x | - | All | All | All |
| Hardware | Cisco | Nexus 92304qc | - | All | All | All |
| Hardware | Cisco | Nexus 92304qc | - | All | All | All |
| Hardware | Cisco | Nexus 9236c | - | All | All | All |
| Hardware | Cisco | Nexus 9236c | - | All | All | All |
| Hardware | Cisco | Nexus 9272q | - | All | All | All |
| Hardware | Cisco | Nexus 9272q | - | All | All | All |
| Hardware | Cisco | Nexus 93108tc-ex | - | All | All | All |
| Hardware | Cisco | Nexus 93108tc-ex | - | All | All | All |
| Hardware | Cisco | Nexus 93120tx | - | All | All | All |
| Hardware | Cisco | Nexus 93120tx | - | All | All | All |
| Hardware | Cisco | Nexus 93128tx | - | All | All | All |
| Hardware | Cisco | Nexus 93128tx | - | All | All | All |
| Hardware | Cisco | Nexus 93180yc-ex | - | All | All | All |
| Hardware | Cisco | Nexus 93180yc-ex | - | All | All | All |
| Hardware | Cisco | Nexus 9332pq | - | All | All | All |
| Hardware | Cisco | Nexus 9332pq | - | All | All | All |
| Hardware | Cisco | Nexus 9336pq Aci Spine | - | All | All | All |
| Hardware | Cisco | Nexus 9336pq Aci Spine | - | All | All | All |
| Hardware | Cisco | Nexus 9372px | - | All | All | All |
| Hardware | Cisco | Nexus 9372px | - | All | All | All |
| Hardware | Cisco | Nexus 9372tx | - | All | All | All |
| Hardware | Cisco | Nexus 9372tx | - | All | All | All |
| Hardware | Cisco | Nexus 9396px | - | All | All | All |
| Hardware | Cisco | Nexus 9396px | - | All | All | All |
| Hardware | Cisco | Nexus 9396tx | - | All | All | All |
| Hardware | Cisco | Nexus 9396tx | - | All | All | All |
| Hardware | Cisco | Nexus 9504 | - | All | All | All |
| Hardware | Cisco | Nexus 9504 | - | All | All | All |
| Hardware | Cisco | Nexus 9508 | - | All | All | All |
| Hardware | Cisco | Nexus 9508 | - | All | All | All |
| Hardware | Cisco | Nexus 9516 | - | All | All | All |
| Hardware | Cisco | Nexus 9516 | - | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(1b\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(1c\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(1d\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(1e\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(2j\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(2m\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\(3f\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1b\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1c\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1d\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1e\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(2j\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(2m\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(3f\\\) | All | All | All |
| Operating System | Cisco | Nx-os | base | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1b\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1c\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1d\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(1e\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(2j\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(2m\\\) | All | All | All |
| Operating System | Cisco | Nx-os | 11.0\\\(3f\\\) | All | All | All |
| Operating System | Cisco | Nx-os | base | All | All | All |
| Operating System | Samsung | X14j Firmware | t-ms14jakucb-1102.5 | All | All | All |
| Operating System | Sun | Opensolaris | snv_124 | All | sparc | All |
| Operating System | Zyxel | Gs1900-10hp Firmware | All | All | All | All |
| Operating System | Zzinc | Keymouse Firmware | 3.08 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Application Policy Infrastructure Controller RBAC Bug Lets Remote Authenticated Users Modify the Configuration - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Cisco Application Policy Infrastructure Controller Access Control Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.