CVE-2016-1365

Published on: 08/18/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Application Policy Infrastructure Controller Enterprise Module from Cisco contain the following vulnerability:

The Grapevine update process in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0 allows remote authenticated users to execute arbitrary commands as root via a crafted upgrade parameter, aka Bug ID CSCux15507.

  • CVE-2016-1365 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2 Score: 8.5 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVE References

Description | Tags | Link
Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability | Vendor Advisory | tools.cisco.com (text/html), CISCO 20160817 Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) Input Validation Flaw in Grapevine Update Process Lets Remote Authenticated Users Execute Arbitrary Commands on the Target System - SecurityTracker | | www.securitytracker.com (text/html), SECTRACK 1036634
Cisco APIC-EM CVE-2016-1365 Remote Code Execution Vulnerability | | cve.report (archive) (text/html), BID 92507

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Cisco | Application Policy Infrastructure Controller Enterprise Module | 1.0.10 | All | All | All

  • cpe:2.3:a:cisco:application_policy_infrastructure_controller_enterprise_module:1.0.10:*:*:*:*:*:*:*