CVE-2016-1302

HIGH

Cisco APIC <1.0.3h & Nexus 9000 ACI Mode <11.0.3h - Auth Bypass

Title source: llm

Description

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034925

Scores

CVSS v3 8.8
EPSS 0.0022
EPSS Percentile 45.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (5)
cisco/nx-os base
samsung/x14j_firmware t-ms14jakucb-1102.5
sun/opensolaris snv_124
zyxel/gs1900-10hp_firmware < 2.50(aazi.0)c0
zzinc/keymouse_firmware 3.08
Published Feb 07, 2016
Tracked Since Feb 18, 2026