Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Cisco Application Policy Infrastructure Controller Access Control Vulnerability (Nexus 9xxx)

Information

Severity

Severity

Critical

Family

Family

CISCO

CVSSv2 Base

CVSSv2 Base

9.0

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

6 years ago

Modified

Modified

3 years ago

Summary

A vulnerability in the role-based access control (RBAC) of the Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated remote user to make configuration changes outside of their configured access privileges.

Insight

Insight

The vulnerability is due to eligibility logic in the RBAC processing code.

Affected Software

Affected Software

Cisco Nexus 9000 Series ACI Mode Switches when running software versions prior to 11.0(3h) and 11.1(1j)

Detection Method

Detection Method

Check the NX OS version.

Solution

Solution

See the vendor advisory for a solution

Common Vulnerabilities and Exposures (CVE)