CVE-2016-1302

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
zyxelgs1900-10hp_firmware
𝑥
< 2.50\(aazi.0\)c0
zzinckeymouse_firmware
3.08
zyxelgs1900-10hp_firmware
𝑥
< 2.50\(aazi.0\)c0
zzinckeymouse_firmware
3.08
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
http://www.securitytracker.com/id/1034925
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160203-apic
http://www.securitytracker.com/id/1034925