Cisco Security Advisory: Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cisco Security Advisory:Cisco Application Policy Infrastructure Controller Enterprise Module Remote Code Execution Vulnerability
- From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
- Date: Wed, 17 Aug 2016 12:04:43 -0400
Cisco Security Advisory: Cisco Application Policy Infrastructure Controller
Enterprise Module Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20160817-apic
Revision 1.0
Published: 2016 August 17 16:00 GMT
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the Grapevine update process of the Cisco Application Policy
Infrastructure Controller Enterprise Module (APIC-EM) could allow an
authenticated, remote attacker to execute arbitrary commands on the underlying
operating system with the privileges of the root user.

The vulnerability is due to insufficient input sanitization during the
Grapevine update process. An attacker could exploit this vulnerability by
authenticating to the affected system with administrative privileges and
inserting arbitrary commands into an upgrade parameter. An exploit could allow
the attacker to execute arbitrary commands on the affected system with
root-level privileges.

Cisco has released software updates that address this vulnerability.
Workarounds that address this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-apic
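Added example, not part of the Cisco advisory and not Cisco code: a sketch of how an update handler can treat an upgrade parameter so that insufficient sanitization of the kind described above cannot turn it into a command. The release-string syntax, the `--release` flag and the echoing stand-in updater are assumptions, since the advisory does not describe the Grapevine interface.

```python
import json
import re
import subprocess
import sys

# Assumed syntax for the upgrade parameter (the advisory does not define it).
RELEASE_RE = re.compile(r"[0-9]{1,4}(?:\.[0-9]{1,4}){1,3}(?:-[A-Za-z0-9]{1,16})?")
# Hypothetical stand-in for the updater: a child process that echoes its arguments.
ECHO_UPDATER = [sys.executable, "-c",
                "import json, sys; print(json.dumps(sys.argv[1:]))"]
# Constructed sample inputs: two plausible releases, four that must be refused.
SAMPLES = ["1.2.0", "1.2.0-rc1", "1.2.0; id", "$(id)", "1.2.0\n", ""]

class RejectedParameter(ValueError):
    """Raised when an upgrade parameter fails the allow-list check."""

def validate_release(value):
    """Accept only a dotted release string; refuse instead of trying to clean."""
    # fullmatch() must consume the whole string, so a trailing newline fails too.
    if not isinstance(value, str) or not RELEASE_RE.fullmatch(value):
        raise RejectedParameter(f"rejected upgrade parameter: {value!r}")
    return value

def build_argv(updater, value):
    """Build an argument vector; the value is one element, never shell text."""
    return [*updater, "--release", validate_release(value)]

def child_sees(argv):
    """Run argv without a shell and return the arguments the child received."""
    out = subprocess.run(argv, shell=False, capture_output=True,
                         text=True, check=True, timeout=30)
    return json.loads(out.stdout)

def triage(samples):
    """Split samples into accepted and rejected, as a request handler would."""
    accepted, rejected = [], []
    for sample in samples:
        try:
            accepted.append(validate_release(sample))
        except RejectedParameter:
            rejected.append(sample)  # log these: they are a detection signal
    return accepted, rejected

if __name__ == "__main__":
    print("accepted / rejected:", triage(SAMPLES))
    print("validated argv seen by child:", child_sees(build_argv(ECHO_UPDATER, "1.2.0")))
    # Second layer: with no shell involved, metacharacters arrive as inert data.
    print("no shell:", child_sees([*ECHO_UPDATER, "--release", "1.2.0; id"]))
```

The two layers are independent: the allow-list refuses anything that is not a release string, and the argument vector keeps even an unvalidated value from being parsed as shell syntax.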