CVE-2016-1302

moderate-risk

Published 2016-02-07

Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3h) and 1.1 before 1.1(1j) and Nexus 9000 ACI Mode switches with software before 11.0(3h) and 11.1 before 11.1(1j) allow remote authenticated users to bypass intended RBAC restrictions via crafted REST requests, aka Bug ID CSCut12998.

Do I need to act?

0.22% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (5)

Nx-Os

X14J Firmware

Opensolaris

Gs1900-10Hp Firmware

Keymouse Firmware

Affected Vendors

Zzinc Sun Cisco Samsung Zyxel

References (4)

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securitytracker.com/id/1034925

Vendor Advisory http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20...

http://www.securitytracker.com/id/1034925

/ 100

moderate-risk

Severity 30/34 · Critical

Exploitability 1/34 · Minimal

Exposure 12/34 · Low